GitHub Hacked, Desktop App Needs Update
GitHub reported that it detected an unauthorized intrusion into repositories related to 'GitHub Desktop' and 'Atom'. GitHub has invalidated the certificate and is calling on users of GitHub Desktop and Atom for macOS to apply the update.
Action needed for GitHub Desktop and Atom users | The GitHub Blog
According to GitHub, the attack occurred on December 6, 2022, and the attacker cloned the GitHub Desktop and Atom development repositories using an unauthorized personal access token. GitHub detected the attack the next day and began disabling compromised credentials and investigating the impact on users and internal systems. Investigation revealed that the illegally cloned repositories contained no user data.
Although no user data was compromised, it remains possible that the attackers abused the code-signing certificate. If the code-signing certificate is abused, there is a risk that attackers can distribute malicious software under the guise of GitHub software. For this reason, GitHub has decided to revoke two certificates for Windows and one certificate for macOS on February 2, 2023.
Older versions of GitHub Desktop for macOS will stop working on February 2, 2023, due to the certificate revocation. Therefore, users of these versions should update to the latest version. Affected versions are:
You can check the update procedure for GitHub Desktop for macOS on the following page.
How to update GitHub Desktop - GitHub Docs
Atom versions 1.63.1 and 1.63.0 will also be deprecated on February 2, 2023. However, since development of Atom has already ended and new versions will not be provided, users who want to continue using Atom must downgrade to version 1.60.0.
According to GitHub, users of GitHub Desktop for Windows will not be affected. Also, no impact on GitHub.com has been confirmed.
in Software, Web Service, Security, Posted by log1o_hf