[Summary]
On 3/31 (UTC), a GitHub Action workflow used for signing macOS apps downloaded a malicious version of Axios (v1.14.1). While the likelihood of certificate theft is low, the existing app signing certificate was revoked and replaced due to the risk. The revocation and replacement of the app signing certificate may result in older versions of macOS apps being unable to receive further updates/support or may not run at all. This appears to be a major adverse event following the previous LiteLLM "supply chain attack" incident.
Below is AI auto-translated content from the official announcement.
Please refer to the original source link.
=======================
What Happened?
On 2026-03-31 (UTC), as part of a widespread software supply chain attack involving the third-party library Axios, the GitHub Actions workflow used for OpenAI's macOS app signing downloaded and executed a malicious version of Axios (version 1.14.1).
The workflow had access to code signing and notarization certificates (material) used for macOS app signing.
Impact and Assessment
Upon investigation, while the likelihood of the certificate actually being compromised is low (due to timing and order of operations, etc.), the certificate was treated as compromised and revoked and replaced to minimize risk.
OpenAI found no evidence that user data or product software was altered or exposed.
User Impact and Timeline
Starting 2026-05-08, older versions of macOS apps may no longer receive updates and support or may not run.
After that date, new downloads and first launches of apps signed with the previous certificate may be blocked by macOS security (however, exceptions may occur if users bypass security).
First New Certificate Signed Versions of the Respective Apps as Presented by OpenAI (for reference):
Response Measures (Investigation and Recovery)
Hired third-party forensics/incident response firm, replaced macOS code signing certificate, deployed new builds.
Coordinated with Apple to block new notarization with the previous certificate.
Verified that no unexpected notarization occurred with the previous certificate and validated that there were no unauthorized changes to public software.
Root Cause: Configuration error in GitHub Actions workflow (use of floating tag instead of fixed commit, minimumReleaseAge not set for new packages).
FAQ (Summary)
Was product or user data exposed? → No, no evidence.
Was malicious code distributed signed by OpenAI? → No evidence to date.
Do I need to change my password? → No.
Which platforms are affected? → macOS apps only. iOS/Android/Linux/Windows and web versions are not affected.
How do I update? → Update within the app or download only from official sources (avoid emails/messages/ads/third-party site links).
Recommended User Action (Simple)
Update your OpenAI macOS app to the latest version as soon as possible through official channels (in-app update or OpenAI's official page).
Never use installers received from emails, messages, ads, file sharing links, or downloads from unofficial sites.
Password or API key changes are not currently necessary (as per the official announcement).