We recommend users take action on the above recommendations to continue using GitHub Desktop and Atom,” said the organisation. “The security and trustworthiness of GitHub and the broader developer ecosystem is our highest priority. While their theft does not put existing installations of Desktop and Atom at risk, if the thief was able to decrypt them, they could start to sign their own applications – such as malware – with these certificates and make out that they were official GitHub applications. Meanwhile, versions 1.63.1 and 1.63.0 of Atom will also stop working on 2 February – to keep using it, users will need to roll back to a previous version.īy this point, said GitHub, both of the DigiCert certificates will have expired and as such could not have been used to sign code anyway, but the Apple certificate retains validity through 2027, so GitHub has been working with Apple to monitor any executables signed with it until it is revoked.Ĭode-signing certificates such as the three stolen in December are important because they prove that code was written by a listed author. We have no evidence that the threat actor was able to decrypt or use these certificates.”Īs a preventative measure, it will be revoking the exposed certificates used, which will invalidate various versions of GitHub Desktop and Atom.Īs such, Mac users of Desktop versions 3.1.2, 3.1.1, 3.1.0, 3.0.8, 3.0.7, 3.0.6, 3.0.5, 3.0.4, 3.0.3 and 3.0.2 must update by 2 February 2023 – there is no impact to Windows users. “However, several encrypted code-signing certificates were stored in these repositories for use via Actions in our GitHub Desktop and Atom release workflows. None of the affected repositories contained customer data. “Once detected on 7 December 2022, our team immediately revoked the compromised credentials and began investigating potential impact to customers and internal systems. “On 6 December 2022, repositories from our Atom, Desktop and other deprecated GitHub-owned organisations were cloned by a compromised personal access token (PAT) associated with a machine account,” the organisation said in a statement. Use the following command to extract the archived file.GitHub apparently became aware of the attack on 7 December 2022, but has waited almost two months to go public pending a thorough investigation, which has found “no risk” to GitHub services as a result, and no unauthorised changes made. The downloaded file will be an archived file (.zip) which needs to be extracted in order to install Atom. The following steps are used in installation of Atom on MacOS.ĭownload the zip file by official website of Atom by simply pasting the link the browser's search bar. In this tutorial, we will learn the installation process of Atom on MacOS. It can also be used as an integrated development environment(IDE). Its first version was released on 25th January, 2015. It is based upon electron which is a framework which can enable cross platform desktop applications using chromium and Node.js. It provides support for plugins written in Node.js. Next → ← prev How to Install Atom on MacOS IntroductionĪtom is a free and open source Text editor which can be used for Linux, Windows and MacOS.
0 Comments
Leave a Reply. |