1. Forum
  2. tqwNet
  3. TQW GENTECH

  • OpenAI flags third-party data issue all macOS users should updat

    From TechnologyDaily@1337:1/100 to All on Mon Apr 13 17:15:26 2026
    OpenAI flags third-party data issue all macOS users should update now

    Date:
    Mon, 13 Apr 2026 16:05:00 +0000

    Description:
    OpenAI rotated certificates and updated its apps out of an abundance of caution.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter OpenAI rotated macOS codesigning certificate after Axios supply chain breach Malicious Axios 1.14.1 pulled into appsigning workflow No evidence of data theft, but older app versions deprecated OpenAI recently rotated its macOS code signing certificate and pushed new versions
    of macOS products as a proactive measure against potential malware attacks.

    When an app is signed with a valid developer certificate (like OpenAIs), the system assumes the developer is verified, the app hasnt been tampered with, and that its safe to run. Having malware signed with one of these
    certificates almost guarantees it will bypass protections and will be allowed to run on the endpoint. In an update published late last week, the popular AI company said it observed a breach at Axios, a third-party developer tool it uses, in late March this year. Axios is a JavaScript library used to send
    HTTP requests (it allows apps to talk to servers). It was compromised, and a malicious version - 1.14.1 - was pushed. Article continues below You may like Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations OpenAI patches flaw allowing silent data leakage from ChatGPT conversations Beware, hackers have hijacked OpenAIs 'invite your
    team' feature to break into your business

    The attack was apparently part of a broader software supply chain attack, it was said. At the time, OpenAI used a GitHub Actions workflow in the macOS app-signing process, which downloaded and executed that malicious version. User data is safe This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas, OpenAI explained.

    While the companys incident analysis determined that the signing certificate was likely not successfully exfiltrated, it still treated it as compromised and decided for a rotation.

    Effective May 8, 2026, older versions of our macOS desktop apps will no
    longer receive updates or support, and may not be functional, OpenAI warned. These versions represent the earliest releases signed with our updated certificate: Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
    or sponsors By submitting your information you agree to the Terms &
    Conditions and Privacy Policy and are aged 16 or over.

    ChatGPT Desktop: 1.2026.051

    Codex App: 26.406.40811

    Codex CLI: 0.119.0 What to read next 'A human-chosen password doesn't stand a chance': OpenClaw has yet another major security flaw here's what we know about "ClawJacked" OpenClaw AI agents targeted by infostealer malware for the first time Python libraries used in top AI and ML tools hacked - Nvidia, Salesforce and other libraries all at risk

    Atlas: 1.2026.84.2

    In the same report, the company stated that there is no evidence user data
    was accessed, intellectual property was compromised, or that the software itself was altered in any way.

    Via Reuters The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/openai-flags-third-party-data-issue-all -macos-users-should-update-now


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)