OpenAI Forces macOS App Update After TanStack Supply‑Chain Attack Compromises Signing Keys
What Happened – A supply‑chain compromise of the popular open‑source TanStack library injected credential‑stealing code into 84 npm packages. The malicious artifacts were then used to compromise the code‑signing keys and certificates for OpenAI’s macOS applications, prompting OpenAI to require all macOS users to install a freshly signed update by June 12. Two internal employee devices were briefly accessed, resulting in limited credential exfiltration from source‑code repositories.
Why It Matters for TPRM –
- A stolen signing key lets an attacker ship binaries that pass Gatekeeper and notarization checks as if they were the vendor’s own, so every downstream customer who trusts that signature is exposed until the certificate is revoked and the applications are re‑signed.
- Supply‑chain attacks on widely used developer libraries show how transitive third‑party dependencies, several levels below anything a vendor declares directly, carry risk into critical AI products.
- Even limited credential theft from internal repositories can seed privilege escalation and lateral movement into build and release systems.
Who Is Affected – Technology / SaaS vendors that distribute signed desktop clients (macOS), AI platform providers, and any organization that integrates TanStack or related npm/PyPI packages.
Recommended Actions –
- Cross‑check every component in your software bill of materials (SBOM) against the list of compromised packages, matching on exact published versions and including transitive dependencies from lockfiles, not only the packages you declared directly.
- Require vendors to provide proof of re‑signed binaries and updated code‑signing certificates, and verify the delivered macOS build yourself rather than accepting the statement: codesign --verify --deep --strict --verbose=2 checks the signature chain, spctl --assess --type execute -v checks Gatekeeper acceptance, stapler validate checks the stapled notarization ticket, and codesign -dv --verbose=4 prints the Team ID and certificate details to compare against what the vendor published for the re‑issued certificate.
- Review credential rotation and session revocation processes for any third‑party integrations.
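The SBOM cross‑check from the first recommended action, as an added worked example that is not from the original advisory or from any vendor named in it. It is Python, runs on a constructed CycloneDX 1.5 SBOM, and uses a placeholder denylist: the package names and versions in it are assumptions for illustration, not the actual compromised TanStack packages, which the advisory does not enumerate. It matches on exact versions (only specific published versions were malicious, not the packages as such) and resolves each transitive hit to the dependency chain that pulled it in, which is what the remediation ticket needs.

```python
"""Cross-check a CycloneDX SBOM against known-compromised npm package versions.

Constructed example: the package names, versions and SBOM below are
placeholders, not the packages named in any real advisory.
"""
from collections import deque
from urllib.parse import unquote

# Denylist of compromised versions keyed by npm package name. Placeholder
# entries (assumption); in practice this comes from the maintainer's or
# registry's advisory. Version-exact on purpose: a package is not malicious
# as such, only the specific versions an attacker managed to publish.
COMPROMISED_NPM = {
    "@example/query-core": {"5.62.1", "5.62.2"},
    "example-router": {"1.90.0"},
}

# Constructed CycloneDX 1.5 SBOM, the shape a dependency scanner emits.
# "app" declares c1, c3 and c4 directly; c4 drags in c2 transitively.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "name": "desktop-client", "version": "3.4.0"}},
    "components": [
        {"bom-ref": "c1", "name": "example-router", "version": "1.90.0",
         "purl": "pkg:npm/example-router@1.90.0"},
        {"bom-ref": "c2", "name": "@example/query-core", "version": "5.62.1",
         "purl": "pkg:npm/%40example/query-core@5.62.1"},
        {"bom-ref": "c3", "name": "@example/query-core", "version": "5.61.0",
         "purl": "pkg:npm/%40example/query-core@5.61.0?repository_url=registry.npmjs.org"},
        {"bom-ref": "c4", "name": "example-pad", "version": "1.0.0",
         "purl": "pkg:npm/example-pad@1.0.0"},
        {"bom-ref": "c5", "name": "requests", "version": "2.31.0",
         "purl": "pkg:pypi/requests@2.31.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["c1", "c3", "c4"]},
        {"ref": "c4", "dependsOn": ["c2"]},
        {"ref": "c1", "dependsOn": []},
    ],
}


def parse_purl(purl):
    """Split a package URL into (type, name, version).

    Handles percent-encoded npm scopes (pkg:npm/%40scope/name@1.0.0), the
    unencoded form some tools emit, and trailing qualifiers / subpaths.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[4:].split("#", 1)[0].split("?", 1)[0]
    ptype, _, rest = body.partition("/")
    name_part, sep, version = rest.rpartition("@")
    if not sep or not name_part:  # no version, or the only '@' is an unencoded scope marker
        name_part, version = rest, None
    return ptype, unquote(name_part), (unquote(version) if version else None)


def dependency_path(graph, root, target):
    """Shortest chain of bom-refs from root to target (BFS); [] if unreachable."""
    prev = {root: None}
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        if cur == target:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for nxt in graph.get(cur, []):
            if nxt not in prev:
                prev[nxt] = cur
                queue.append(nxt)
    return []


def find_compromised(sbom, denylist):
    """Return SBOM components whose exact npm version is on the denylist.

    Each hit records whether it is a direct dependency of the root component
    and the dependency chain that introduced it. Direct hits sort first.
    """
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    direct = set(graph.get(root, []))
    hits = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue
        ptype, name, version = parse_purl(purl)
        if ptype != "npm" or version not in denylist.get(name, ()):
            continue
        ref = comp["bom-ref"]
        hits.append({"ref": ref, "name": name, "version": version,
                     "direct": ref in direct, "path": dependency_path(graph, root, ref)})
    return sorted(hits, key=lambda h: (not h["direct"], h["name"]))


if __name__ == "__main__":
    for hit in find_compromised(SAMPLE_SBOM, COMPROMISED_NPM):
        kind = "DIRECT" if hit["direct"] else "transitive"
        print(f"{kind:10} {hit['name']}@{hit['version']}  via {' -> '.join(hit['path'])}")
```

Run against a real SBOM, the same loop works on the components and dependencies arrays that cdxgen, Syft or npm sbom produce; the point of the path resolution is that the fix for a transitive hit is usually an override or an upgrade of the parent package (c4 here), not of the malicious package itself.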
Technical Notes – The attack used a third‑party dependency vector (malicious TanStack npm artifacts) to deliver credential‑stealer payloads, which led to the compromise of the signing keys for OpenAI’s macOS apps. No customer data was confirmed stolen; only limited internal credentials were exfiltrated. OpenAI has rotated certificates, revoked sessions, and audited notarizations. Source: The Record