Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic

/ / Published in RSS blog posts

Cyber Security BlogsApple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware.

Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230.

The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory to extract its Bluetooth pairing key and spy on the Bluetooth traffic.

The IT giant addressed the flaw with improved checks.

“An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.” reads the advisory published by the company.

The vulnerability was discovered by Marc Newlin of SkySafe.

An attacker in close proximity to a victim can exploit unauthenticated Bluetooth to connect to a susceptible device and inject keystrokes, enabling actions like installing apps, executing arbitrary commands, forwarding messages, and more.

“The vulnerabilities work by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user-confirmation. The underlying unauthenticated pairing mechanism is defined in the Bluetooth specification, and implementation-specific bugs expose it to the attacker.” explained Newlin. “Unpatched devices are vulnerable under the following conditions:

Android devices are vulnerable whenever Bluetooth is enabled

Linux/BlueZ requires that Bluetooth is discoverable/connectable

iOS and macOS are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer”

The Magic Keyboard Firmware Update 2.0.6 is available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad.

The researcher pointed out that the Lockdown Mode does not prevent attacks from exploiting this flaw

It’s unclear if the flaw has been exploited in attacks in the wild.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Bluetooth)

Read More

What you can read next

7 best practices for tackling dangerous emails
From Email to RAT: Deciphering a VB Script-Driven Campaign
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign

Leave a Reply

Your email address will not be published. Required fields are marked *