GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps.
As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The following versions of GitHub Desktop for Mac have been invalidated: 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0, 3.1.1, and 3.1.2.
Versions 1.63.0 and 1.63.1 of Atom are also expected to stop working as of February 2, 2023, requiring that users downgrade to a previous version (1.60.0) of the source code editor. Atom was officially discontinued in December 2022. GitHub Desktop for Windows is not affected.
The Microsoft-owned subsidiary said it detected unauthorized access to a set of repositories, including those from deprecated GitHub-owned organizations, used in the planning and development of GitHub Desktop and Atom on December 7, 2022.
images from Hacker News