Malicious Axios package forces OpenAI to invalidate older macOS app versions

OpenAI rotated its macOS code‑signing certificate and released updated app versions after discovering that a compromised Axios library had been pulled into its app‑signing workflow. The malicious Axios 1.14.1 package was part of a broader supply‑chain attack, and although OpenAI found no evidence that its signing certificate was exfiltrated, it treated it as compromised out of caution. Older macOS versions of ChatGPT Desktop, Codex, Codex‑cli, and Atlas will stop receiving updates and may stop functioning after May 8, 2026. OpenAI says user data remains safe, but all macOS users should update immediately to ensure protection.

Read the full story on TechRadar →