Revoking certificates for security reasons
The affected repositories contained signing certificates for OpenAI products, including those for iOS, macOS and Windows. According to OpenAI, there is fortunately no evidence that user data, passwords, API keys or other intellectual property have been compromised; the apps are nevertheless being re-signed for security reasons. After June 12th, older versions that are still signed with the old certificate will be blocked by macOS security mechanisms. No manual intervention is required on iOS/iPadOS; action is only required on macOS. According to OpenAI, the certificates will not be revoked immediately, because otherwise existing installations would suddenly stop working.
Warning about spam and malware campaigns
OpenAI expressly recommends obtaining updates only via the integrated update function or the official OpenAI websites. Avoid installers from emails, messages, third-party download sites or file shares. The period after a certificate incident is particularly sensitive because attackers could try to circulate fake ChatGPT or OpenAI installers and use them to spread malware. You can probably already predict with certainty what the content of future waves of spam will be.

