About the security content of Magic Keyboard Firmware Update 2.0.6 – Apple Support

About the security content of Magic Keyboard Firmware Update 2.0.6 - Apple Support

January 11, 2024 at 09:07AM

A session management issue (CVE-2024-0230) impacting Bluetooth accessories was addressed with improved checks. The update, released on January 9, 2024, mitigates the risk of attackers extracting Bluetooth pairing keys and monitoring traffic. Affected products include various Magic Keyboards, with an available update to address the issue.

Based on the meeting notes, the takeaways are as follows:

Release Date: 2024-01-09
CVE number: CVE-2024-0230
Issue: A session management issue was addressed with improved checks.
Impact: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
Affected product: Bluetooth
Update available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad

Let me know if you need any further information or assistance.

Full Article