Magic Keyboard Firmware Vulnerability Update

[visibleman]

Given it's security related i thought folks should know/might find this helpful.
Apple have released (yesterday) a firmware update 2.0.6 for Magic keyboards (standard, numeric, Touch-ID and Touch-ID + numeric) that fixes a Bluetooth pairing vulnerability CVE-2024-0230 -

Available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad

Impact: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic

Description: A session management issue was addressed with improved checks.

CVE-2024-0230: Marc Newlin of SkySafe

Keyboard should automatically update but sometimes requires a repairing of the device (forget, then connect keyboard) to force it.
You can find out the current version by either going to Bluetooth settings and then clicking 'info' icon or, by pressing and holding Option key + click system bar Bluetooth icon (similar to extended WIFI info with the WIFI icon).

* Mods, feel free to stick this elsewhere if need be.

 

[visibleman]

That's the kicker. Nobody's getting access to mine

Unlikely vulnerability to happen for the majority but worth while making sure it's updated either way.

For those that are even remotely interested, Marc Newlin has a bit more on his GitHub and has suggested it's possible to intercept the keys if a keyboard is unauthenticated - in theory attacker doesn't need to have physical access but rather be in range (still extremely close to the device). Be interested to see a proof of concept though.
Newlin also found other vulnerabilities with MacOS/iOS Bluetooth stacks (as well as other OS's) but have been patched the latest versions (although not yet iOS 16 and below, MacOS 13 and below).