OpenAI Advises macOS Users to Update ChatGPT After Security Breach via Supply Chain Attack

OpenAI Urges Mac Users to Update ChatGPT Following Security Breach

OpenAI has recently identified a security vulnerability affecting its ChatGPT desktop application for macOS. The issue stems from a supply chain attack that compromised the TanStack npm library, a widely used open-source resource. The breach, part of a broader campaign known as Mini Shai-Hulud, led to unauthorized access to two OpenAI employee devices. OpenAI has confirmed that there is no evidence that user data, production systems, or intellectual property were compromised.

In response to the incident, OpenAI has rotated its signing certificates and re-signed the affected applications to prevent misuse of the exposed credentials. As a precaution, the company is requiring all macOS users to update their OpenAI applications, including ChatGPT, by June 12, 2026. The update is needed to ensure the integrity and security of the software: the new certificates help prevent malicious parties from distributing counterfeit applications that appear to come from OpenAI.

Users can perform the necessary updates through the in-app update feature or by downloading the latest versions from OpenAI’s official website. The applications requiring updates include ChatGPT Desktop, Codex App, Codex CLI, and Atlas. OpenAI emphasizes the importance of these updates to maintain the security and privacy of user information.

This incident underscores the growing concerns surrounding the security of open-source libraries and the potential risks they pose to software supply chains. OpenAI’s proactive measures highlight the company’s commitment to transparency and swift action in addressing security vulnerabilities. Users are strongly encouraged to comply with the update requirements to safeguard their systems against potential threats.