Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

GitHub Revokes Code Signing Certificates Following Cyberattack

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Code hosting platform GitHub on Monday announced the revocation of three digital certificates used for the GitHub Desktop and Atom applications.

The three certificates were stolen on December 6, 2022, after an unauthorized third-party used a compromised Personal Access Token (PAT) for a machine account to clone repositories from Atom, GitHub Desktop, and other deprecated GitHub-owned organizations. GitHub revoked the compromised credentials on December 7. 

“After a thorough investigation, we have concluded there was no risk to GitHub.com services as a result of this unauthorized access and no unauthorized changes were made to these projects,” the company says.

According to GitHub, the cloned repositories did not contain customer data, but several encrypted code signing certificates for use via Actions in GitHub Desktop and Atom release workflows were stored in them.

“The certificates were password-protected and we have no evidence of malicious use. As a preventative measure, we will revoke the exposed certificates used for the GitHub Desktop and Atom applications,” GitHub says.

The Microsoft-owned platform explains that the certificate revocation will invalidate some versions of GitHub Desktop for Mac and Atom, but will have no impact on GitHub Desktop for Windows.

Specifically, GitHub Desktop for Mac versions 3.0.2 to 3.1.2 and Atom versions 1.63.0 and 1.63.1 will stop working. GitHub Desktop for Mac users will need to update to the latest release, while Atom users will need to download a previous Atom version (Atom versions 1.63.0-1.63.1 have already been removed from the releases page).

“On Thursday, February 2, 2023, we will revoke the Mac & Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1. Once revoked, all versions signed with these certificates will no longer function,” GitHub announced.

Advertisement. Scroll to continue reading.

Because the stolen certificates do not appear to have been decrypted by the threat actor, they do not pose a risk to the existing GitHub Desktop and Atom installations but, if decrypted, they could allow the attackers to sign unofficial applications and pretend they were released by GitHub.

The impacted certificates include two Digicert certificates for Windows and one Apple Developer ID certificate. One Digicert certificate expired on January 4, while the other will expire on February 1. The Apple Developer ID certificate is valid until 2027.

“On January 4, 2023, we published a new version of the Desktop app. This version is signed with new certificates that were not exposed to the threat actor,” GitHub notes.

Related: Attackers Can Abuse GitHub Codespaces for Malware Delivery

Related: GitHub Introduces Automatic Vulnerability Scanning Feature

Related: GitHub Announces Free Secret Scanning, Mandatory 2FA

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Edge Delta has appointed Joan Pepin as its Chief Information Security Officer.

Vats Srivatsan has been appointed interim CEO of WatchGuard after Prakash Panjwani stepped down.

Network security policy management firm FireMon has appointed Alex Bender as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.