ئەخباری
Saturday, 20 June 2026

OpenAI Addresses Security Flaw, Confirms No User Data Compromise


Abd Al-Fattah Yousef
2 months ago

United States - Ekhbary News Agency

OpenAI, the creator of ChatGPT, has publicly addressed a security vulnerability linked to Axios, a widely used third-party developer library. The incident, which came to light on Friday, primarily impacted the process used to certify the legitimacy of OpenAI's macOS applications. Crucially, the company's thorough investigation has found no indication that user data was accessed, intellectual property compromised, or its software altered during the event. This reassurance comes as OpenAI moves swiftly to update its security certifications, mandating that all macOS users update their applications to the latest versions to mitigate any potential risks from malicious distribution attempts.

The security breach originated from a broader software supply chain attack on March 31, believed to be orchestrated by actors linked to North Korea. This sophisticated attack led to a GitHub Actions workflow utilized by OpenAI inadvertently downloading and executing a malicious version of Axios. While this workflow had access to sensitive certificate and notarization materials for macOS applications like ChatGPT Desktop, Codex, and Atlas, OpenAI's analysis suggests the signing certificate was likely not successfully exfiltrated. In response, OpenAI has rectified the misconfiguration in its GitHub Actions workflow, which was identified as the root cause. Furthermore, older versions of OpenAI's macOS desktop applications will cease to receive updates or support and may become non-functional after May 8, reinforcing the urgency for users to upgrade. The company also confirmed that user passwords and OpenAI API keys remained unaffected.
