Lucene search

K
appleAppleAPPLE:F35FF0BF257E81060BD98E8D63888370
HistoryJan 09, 2024 - 12:00 a.m.

About the security content of Magic Keyboard Firmware Update 2.0.6

2024-01-0900:00:00
support.apple.com
6
magic keyboard
firmware update
bluetooth
security
cve-2024-0230
session management

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

About the security content of Magic Keyboard Firmware Update 2.0.6

This document describes the security content of Magic Keyboard Firmware Update 2.0.6.

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

Magic Keyboard Firmware Update 2.0.6

Released January 9, 2024

Bluetooth

Available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad

Impact: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic

Description: A session management issue was addressed with improved checks.

CVE-2024-0230: Marc Newlin of SkySafe

Firmware updates are automatically delivered in the background while the Magic Keyboard is actively paired to a device running macOS, iOS, iPadOS, or tvOS.

You can check the firmware version of your Magic Keyboard in Bluetooth settings on your Mac. Go to System Settings > Bluetooth, then click on the Info button next to your keyboard. After this firmware update is installed, the firmware version is 2.0.6.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: January 11, 2024

Affected configurations

Vulners
Node
applemagic_keyboardRange<2.0.6
CPENameOperatorVersion
magic keyboard firmware updatelt2.0.6

2.4 Low

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

Related for APPLE:F35FF0BF257E81060BD98E8D63888370