
Apple patches security flaw that allowed Magic Keyboard Bluetooth connections to be faked

  • Nishadil
  • January 11, 2024

Mike Wuerthele | Jan 11, 2024

The now-patched vulnerability was disclosed to Apple and Google in August 2023, and disclosed publicly in December by security researcher Marc Newlin.

At the time, Newlin said he had been investigating and then reporting unauthenticated Bluetooth keystroke injection vulnerabilities in macOS and iOS for months. The patch is available for both the regular and extended Magic Keyboard, both with and without Touch ID. No user action is required, and Apple says that the 2.0.6 patch will automatically apply itself when a Magic Keyboard is paired to an Apple device.

The vulnerability allowed a user with one-time physical access to a Bluetooth keyboard, like the Magic Keyboard, to figure out the Bluetooth pairing key. Once obtained, an assailant nearby could trick the Bluetooth host into pairing with a fake keyboard without user confirmation. Once an assailant is faking that Magic Keyboard connection to a Mac, they can enter keystrokes at will.

They obviously can't do anything that requires user authentication with a password or a Touch ID verification, but otherwise they can launch apps, read messages, and download files. The keystrokes entered were visible to the user, and so were actions taken like launching apps or entering command combinations.