Apple Fixes Session Management Issue in Magic Keyboard Firmware Update 2.0.6

CVE-2024-0230

2.4LOW

Key Information

Vendor: Apple
Status: Magic Keyboard Firmware Update
Vendor: CVE Published:; 12 January 2024

Badges

👾 Exploit Exists🔴 Public PoC📰 News Worthy

Summary

A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.

Affected Version(s)

Magic Keyboard Firmware Update < 2.0.6

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

cve-2024-0230-blue
Created by keldnorman

News Articles

CSO Online

CVE-2023-45866CVE-2024-0230

New Bluetooth vulnerability allows takeover of iOS, Android, Linux, and MacOS devices

Security researcher Marc Newlin shared how he discovered the Bluetooth bug that leaves keyboards vulnerable to injection attacks that can allow attackers to take over user devices.

10 months ago

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit exists.
May 22, 2024
First article discovered by CSO Online
Jan 17, 2024
Vulnerability published.
Jan 12, 2024
Vulnerability Reserved.
Jan 3, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)1 News Article(s)