Apple fixes vulnerability in Magic Keyboard with firmware update

A Apple silently released, last Tuesday (9/1), a firmware update (2.0.6) which fixes a vulnerability in the connection Bluetooth do Magic Keyboard.

Identified at the beginning of last month by the engineer Marc Newlinit allowed attackers with physical access to the keyboard to obtain the accessory’s Bluetooth pairing key, which obviously has serious privacy implications.

According to Apple, if a malicious person gained access to this key, they could, for example, monitor the user’s Bluetooth traffic. The vulnerability was registered with the code CVE-2024-0230.

The update is available for the following Apple keyboard models: Magic Keyboard, Magic Keyboard (2021), Magic Keyboard with numeric keypad, Magic Keyboard com Touch ID e Magic Keyboard with Touch ID and numeric keypad. In the update description, the company said that “a session management issue was resolved with improved checks.”

There is no way to install the update manually. According to Apple, it will install automatically, in the background, as long as the Magic Keyboard is actively paired with a device running macOS, iOS, iPadOS, or tvOS.

To check the firmware version installed on your keyboard, open System Settings on a Mac, select “Bluetooth” and click on the information button next to your Magic Keyboard, which is represented by an icon with an “i” .

TRANSPARENCY NOTE: MacMagazine receives a small commission on sales completed through links in this post, but you, as a consumer, pay nothing more for the products by purchasing through our affiliate links.