OpenAI: Update Mac Apps After Supply Chain Attack
Summary
OpenAI is telling Mac users to update their ChatGPT and Codex apps immediately. This follows a hack involving an open-source software library called TanStack. An attacker published 84 malicious software versions across 42 TanStack packages. These packages are widely used, with some receiving millions of weekly downloads. Security researchers quickly flagged and removed the malicious versions. However, if installed, this malware could steal developer login credentials for cloud computing accounts.

OpenAI found that two employee devices with corporate access installed these malicious versions. The company detected activity consistent with the malware, including unauthorized access to internal source code repositories. These repositories included private signing certificates for OpenAI's products, including those for macOS. If the certificates were stolen, a hacker could use them to make their own malicious software appear legitimate.

OpenAI is rotating these certificates as a precaution, which means macOS users must update their applications. OpenAI says this helps prevent anyone from distributing a fake app that looks like it's from them. They also warn Mac users to avoid installing apps from links in emails, messages, or third-party sites. The bottom line: updating your apps protects you from potential security risks.
This is an AI-generated audio summary. Always check the original source for complete reporting.