AppImage depending on the distribution you're running. Keep threats off your devices by downloading Malwarebytes today.Currently, Github Desktop for GNU/Linux is not officially supported by the GitHub, but there is a fork that hosts a version for Debian/Ubuntu & Red Hat/CentOS/Fedora distributions.ġ) Go to this link and look for the latest release (whatever present at the top)Ģ) Scroll down to the Assets section, click it to expand and see the downloadables.ģ) Download the. We don’t just report on threats-we remove themĬybersecurity risks should never spread beyond a headline. They are also working with Apple to monitor for any new executable files (like applications) signed with the exposed Apple Developer ID certificate until said certificate is revoked on February 2. GitHub actionsīesides a thorough investigation and revoking the three certificates, GitHub has removed the two affected versions of the Atom app (1.63.0-1.63.1) from the releases page. During the unauthorized access which took place on December 6, 2022, repositories from the Atom, Desktop, and other deprecated GitHub-owned organizations were cloned by a compromised Personal Access Token (PAT) associated with a machine account. After investigation, no unauthorized changes were found, but a set of encrypted code signing certificates were exfiltrated. On December 7, 2022, GitHub detected unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. The Apple Developer ID certificate is valid until 2027. The Digicert certificates had a short lifespan left and as a result they would have been unusable to sign code after Februanyway. To prevent that from happening, GitHub will revoke three specific certificates-two Digicert code signing certificates used for Windows and one Apple Developer ID certificate. Revoking these certificates does not put existing installations of the Desktop and Atom apps at risk.Įven though the certificates were password-protected and there has been no evidence of malicious use, GitHub does not want to take the risk of a threat actor signing unofficial applications with these certificates and pretend that they were officially created by GitHub. By revoking a certificate it can no longer be used to sign new code. CertificatesĬertificates are used to verify the author of the software or code. Users of these versions are asked to update to the latest version of Desktop. There is and will be no newer version, since Atom has not had significant feature development for the past years and sunset was announced for December 15, 2022.Īffected versions of GitHub Desktop for Mac are 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.1.0, 3.1.1, and 3.1.2. To keep using Atom, users will need to download a previous Atom version. The affected versions of Atom are 1.63.0 and 1.63.1. There will be no impact to GitHub Desktop for Windows. Users of GitHub Desktop for Mac and Atom will need to take action before February 2, 2023. Revoking these certificates will invalidate some versions of GitHub Desktop for Mac and Atom. In a call to action, GitHub warned users of GitHub Desktop for Mac and Atom that it will revoke certificates which were exposed during unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |