OpenAI Sets June 12 Deadline for Mac App Updates After Supply Chain Attack
OpenAI has issued an urgent directive to users of its macOS applications, including the popular ChatGPT desktop client, to update their software by June 12, 2026. The mandate follows a software supply chain attack in mid-May that compromised two employee devices and potentially exposed the company's private software signing certificates.
The incident, which OpenAI disclosed on May 13, stemmed from a vulnerability in the Tanstack open-source software library, a widely used tool for web development. According to security researchers, an attacker published 84 malicious versions across 42 different Tanstack software packages to the public npm registry on May 11. These poisoned packages contained malware designed to steal developer login credentials for cloud computing accounts.
Although the malicious software was identified and removed from the registry within approximately 20 minutes, the brief window of exposure was sufficient for some systems to become infected. Tanstack issued a warning that any machine where an affected version was installed during that period must be treated as potentially compromised.
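The first check a defender wants after a warning like Tanstack's is whether any of their own projects resolved one of the poisoned releases. The script below is an added example, not OpenAI's or TanStack's own tooling: it walks an npm package-lock.json (v1, v2 and v3 layouts) and reports TanStack packages pinned to a listed version. The @tanstack npm scope and the version strings in AFFECTED_VERSIONS are assumptions and placeholders to be replaced from the advisory.

```python
"""Added example (not OpenAI's or TanStack's tooling): flag TanStack packages in an
npm package-lock.json resolved to versions on an 'affected' list."""
import json
import sys
from typing import Dict, Iterable, List, Set, Tuple

# Placeholder: replace with the (package, version) pairs from the TanStack
# advisory.  The @tanstack scope is assumed; these versions are invented.
AFFECTED_VERSIONS: Dict[str, Set[str]] = {
    "@tanstack/example-pkg": {"0.0.0-malicious.1"},
    "@tanstack/other-pkg": {"9.9.9"},
}

def iter_lock_entries(lock: dict) -> Iterable[Tuple[str, str]]:
    """Yield (package_name, version) for lockfileVersion 1, 2 and 3 layouts."""
    # v2/v3: flat "packages" map keyed by install path, e.g.
    # "node_modules/@tanstack/react-query"; "" is the root project itself.
    for path, meta in lock.get("packages", {}).items():
        if not path or "version" not in meta:
            continue
        name = meta.get("name") or path.split("node_modules/")[-1]
        yield name, meta["version"]

    # v1 layout (also still emitted by v2): nested "dependencies" tree.
    def walk(deps: dict) -> Iterable[Tuple[str, str]]:
        for name, meta in deps.items():
            if "version" in meta:
                yield name, meta["version"]
            yield from walk(meta.get("dependencies", {}))
    yield from walk(lock.get("dependencies", {}))

def find_affected(lock_text: str, affected: Dict[str, Set[str]] = AFFECTED_VERSIONS
                  ) -> List[Tuple[str, str]]:
    """Return sorted, de-duplicated (name, version) hits found in the lockfile."""
    lock = json.loads(lock_text)
    return sorted({(n, v) for n, v in iter_lock_entries(lock)
                   if v in affected.get(n, set())})

# Constructed sample lockfile: one affected pin, one clean TanStack package.
SAMPLE_LOCK = json.dumps({"name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@tanstack/example-pkg": {"version": "0.0.0-malicious.1"},
    "node_modules/@tanstack/other-pkg": {"version": "5.0.0"},
    "node_modules/left-pad": {"version": "1.3.0"}}})

if __name__ == "__main__":  # usage: python scan_lock.py [package-lock.json]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, version in find_affected(text):
        print(f"AFFECTED: {name}@{version}")
```

A clean lockfile is not proof of a clean machine: Tanstack's criterion is whether an affected version was installed during the 20-minute window, so a lockfile that was later regenerated can hide an install that did happen, and the local npm cache and CI install logs from May 11 should be checked as well.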
OpenAI confirmed that two of its employee devices, which had access to the company's corporate environment, downloaded and installed the malicious Tanstack versions. An internal investigation subsequently detected what the company described as “activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access.”
The primary risk identified in the breach was the potential exposure of private signing certificates. These digital certificates are used by software developers to sign their applications, cryptographically proving to operating systems like macOS that the software is authentic and has not been tampered with. The compromised source code repositories contained signing certificates for OpenAI's products on macOS, Windows, and iOS.
If an attacker were to steal these certificates, they could sign their own malicious software, making it appear to be a legitimate and trustworthy application from OpenAI. This would allow the malware to bypass built-in operating system security protections that are designed to block unverified code.
Following a thorough internal review, OpenAI stated that it found no evidence that the signing certificates were successfully stolen or that any malicious software was ever signed with them. The company also reported that its investigation found no indication of unauthorized access to user data, tampering with its production systems, or theft of its intellectual property. User passwords and API keys were not affected.
OpenAI traced the vulnerability to a misconfiguration within a GitHub Actions workflow, a tool used for automating software development processes, and has since corrected the issue. The company noted that the two affected employee devices had not yet received updated internal security protections that have since been deployed more widely to mitigate future supply chain threats.
As a precautionary measure, OpenAI is rotating all of its code-signing certificates. While this process is being handled seamlessly for Windows and iOS users, it necessitates a mandatory update for users on macOS. The affected Mac applications include ChatGPT Desktop, Codex, Codex-cli, and Atlas.
The company set the June 12 deadline to provide a grace period for users to update, thereby preventing technical disruptions. An immediate revocation of the old certificates could cause Apple's notarization system to block new downloads and first-time launches of apps signed with the previous certificate. By giving users until June 12, OpenAI aims to ensure a smooth transition through in-app update mechanisms.
After this date, the old certificates will be fully revoked. As a result, Apple's macOS security protections will automatically block any new downloads or first-time launches of OpenAI applications that are still signed with the compromised certificate. This effectively makes the update mandatory for anyone wishing to continue using the software on a Mac.
This incident is a stark reminder of the hidden operational risks embedded in modern software development. Many small and mid-sized businesses rely on dozens of software tools, each with its own complex web of third-party dependencies that are often invisible to the end user. A vulnerability in a single, obscure library can cascade into a significant security event, disrupting operations and potentially exposing sensitive company data. In our experience, most companies lack a formal process for vetting the security posture of their software vendors or understanding the supply chain risks they inherit. This isn't just an IT problem; it's a core business continuity issue that can have direct financial consequences. Proactive financial risk management involves identifying and mitigating these operational threats before they lead to costly downtime or data breaches. For guidance on assessing and managing these complex software supply chain risks, contact C&S Finance Group LLC at csfinancegroup.com.
The episode underscores the growing threat posed by software supply chain attacks, which target widely used open-source components to amplify their impact across numerous downstream organizations. Security experts and business leaders will be closely watching for similar attacks and will likely increase pressure on software vendors to provide greater transparency into their security practices and dependency management. For OpenAI, successfully navigating this certificate rotation and user update process without major disruption will serve as a critical test of its security posture and its readiness for the enterprise market.