Security News > 2023 > January > GitHub revokes code signing certificates stolen in repo hack

GitHub revokes code signing certificates stolen in repo hack
2023-01-30 18:27

GitHub says unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories.

GitHub has found no evidence that the password-protected certificates were used for malicious purposes.

The compromised certificates will be revoked to invalidate the GitHub Desktop for Mac and Atom versions signed using them.

Once expired, these certificates can no longer be used to sign code.

GitHub has removed the latest two Atom app versions from the releases page and will revoke the Mac and Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1 on February 2.

Once the certificates are revoked, all app versions signed with the compromised certificates will no longer function.


News URL

https://www.bleepingcomputer.com/news/security/github-revokes-code-signing-certificates-stolen-in-repo-hack/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90