Apple Releases Firmware Update to Fix Magic Keyboard Vulnerability
Apple has released a firmware update for the Magic Keyboard, addressing a vulnerability that allowed potential attackers to inject keystrokes via Bluetooth. The issue was originally discovered in December 2023 by SkySafe engineer Marc Newlin, who warned that an attacker within Bluetooth range could exploit the bug without authentication.
According to Newlin, an attacker only needed a Linux machine and a standard Bluetooth adapter to carry out the attack. He also noted that devices running Android and Linux were susceptible to this flaw as well.
“An attacker nearby could connect to a vulnerable device via Bluetooth without authentication and inject keystrokes, for example, to install apps, execute arbitrary commands, send messages, and more,” the researcher explained. He added that a vulnerable device could be tricked into connecting to a fake keyboard without confirmation, bypassing authentication. On macOS and iOS, the attack could be performed even when the device was locked, as long as Bluetooth was enabled and the Magic Keyboard was paired.
“In practice, a Mac can be attacked when the user disconnects the Magic Keyboard after pairing or charging, and an iPhone can be attacked when the user connects to a paired Magic Keyboard,” Newlin wrote.
Apple engineers have now released an updated firmware version for the Magic Keyboard (version 2.0.6), which fixes the vulnerability tracked as CVE-2024-0230. However, in its official notice, Apple did not mention that the vulnerability could be used for keystroke injection.
“An attacker with physical access to the accessory may be able to extract the Bluetooth pairing key and monitor Bluetooth traffic,” Apple stated.
The new firmware version is available for the Magic Keyboard, Magic Keyboard (2021), as well as Magic Keyboard with Numeric Keypad, Touch ID, or Touch ID and Numeric Keypad.
According to Newlin, the update does indeed resolve the issue: “A quick analysis showed that Apple has fixed the CVE-2024-0230 issue, which exploited the Magic Keyboard via Lightning and Bluetooth,” the expert wrote.