OpenAI flags third-party data issue — all macOS users should update now

OpenAI rotated certificates out of an abundance of caution

News By Sead Fadilpašić published 13 April 2026

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Become a Member in Seconds

Unlock instant access to exclusive member features.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

Join the club

Get full access to premium articles, exclusive features and a growing list of member rewards.

Explore

An account already exists for this email address, please log in. Subscribe to our newsletter

• OpenAI rotated macOS code‑signing certificate after Axios supply chain breach
• Malicious Axios 1.14.1 pulled into app‑signing workflow
• No evidence of data theft, but older app versions deprecated

OpenAI recently rotated its macOS code signing certificate and pushed new versions of macOS products as a proactive measure against potential malware attacks.

When an app is signed with a valid developer certificate (like OpenAI’s), the system assumes the developer is verified, the app hasn’t been tampered with, and that it’s safe to run. Having malware signed with one of these certificates almost guarantees it will bypass protections and will be allowed to run on the endpoint.

In an update published late last week, the popular AI company said it observed a breach at Axios, a third-party developer tool it uses, in late March this year. Axios is a JavaScript library used to send HTTP requests (it allows apps to talk to servers). It was compromised, and a malicious version - 1.14.1 - was pushed.

Article continues below

The attack was apparently part of a broader software supply chain attack, it was said. At the time, OpenAI used a GitHub Actions workflow in the macOS app-signing process, which downloaded and executed that malicious version.

User data is safe

“This workflow had access to a certificate and notarization material used for signing macOS applications, including ChatGPT Desktop, Codex, Codex-cli, and Atlas,” OpenAI explained.

While the company’s incident analysis determined that the signing certificate was “likely not successfully exfiltrated”, it still treated it as compromised and decided for a rotation.

“Effective May 8, 2026, older versions of our macOS desktop apps will no longer receive updates or support, and may not be functional,” OpenAI warned. “These versions represent the earliest releases signed with our updated certificate:

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsors