Aftermath of Axios supply chain attack: All older versions of OpenAI Mac applications will stop working starting tomorrow

According to Beating Monitoring, OpenAI’s macOS signing certificate will be officially revoked tomorrow (May 8). At that time, outdated versions of ChatGPT Desktop, Codex, Codex CLI, and Atlas that haven’t been updated will be unable to start and will no longer receive updates. If you’re using the Mac version, now is the time to update, either through in-app updates or by downloading from the official OpenAI website.

The issue originated from a supply chain attack on March 31. Axios, a JavaScript HTTP library with over 70 million weekly downloads, was targeted by attackers who used a compromised maintainer account to release two malicious versions (1.14.1 and 0.30.4). These malicious versions injected a fake dependency called plain-crypto-js, which automatically downloaded a remote access trojan (RAT) during installation, affecting macOS, Windows, and Linux platforms. Microsoft attributed this attack to the North Korean hacking group Sapphire Sleet.

OpenAI’s GitHub Actions workflows automatically pulled the malicious versions when building macOS applications, and these workflows had access to the application signing certificates. OpenAI’s analysis suggests that the certificates were likely not successfully stolen, but as a precaution, they rotated the certificates and collaborated with Apple to block the old certificate’s notarization channels. Currently, there is no evidence of user data leaks, system intrusions, or software tampering, and passwords and API keys remain unaffected.

The root cause was a configuration issue in the workflow: it referenced dependencies by floating version tags rather than pinned commit hashes, and it set no minimumReleaseAge (a cooldown period that keeps a freshly published package version out of builds until it has aged), so the malicious versions were pulled into builds as soon as they were published.
