OpenAI Strengthens Security After Axios Library Compromise
OpenAI discovered a security breach linked to Axios, a third-party developer tool. The company reassured users that their data and intellectual property remained secure and quickly addressed the issue. Amid a broader supply chain attack, OpenAI swiftly updated its security protocols for its macOS application to avert any possible risk.
OpenAI announced on Friday that it had identified a security issue linked to a third-party developer tool, Axios, and is actively working to safeguard its macOS app certification process.
The ChatGPT developer reassured users that their data and intellectual property were not compromised and emphasized that no evidence has indicated unauthorized access or software alteration. In response, OpenAI has enhanced its security certifications and is prompting macOS users to update their apps to the latest versions as a precaution against counterfeit apps.
Axios, widely used in the developer community, was compromised on March 31 during a broader software supply chain attack by entities possibly linked to North Korea. This incident involved a GitHub Actions workflow that OpenAI used to integrate Axios, which allowed a 'malicious' variant of the library to execute. The attack indirectly accessed notarization materials but did not exfiltrate critical components. OpenAI stated that, effective May 8, older app versions will lose support and may become non-functional. It also emphasized that user credentials and API keys remained untouched; the exposure stemmed from an earlier misstep in the GitHub Actions workflow configuration, which has since been remedied.