Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware.
Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230.
The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory to extract its Bluetooth pairing key and spy on the Bluetooth traffic.
The IT giant addressed the flaw with improved checks.
“An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.” reads the advisory published by the company.
The vulnerability was discovered by Marc Newlin of SkySafe.
An attacker in close proximity to a victim can exploit unauthenticated Bluetooth to connect to a susceptible device and inject keystrokes, enabling actions like installing apps, executing arbitrary commands, forwarding messages, and more.
“The vulnerabilities work by tricking the Bluetooth host state-machine into pairing with a fake keyboard without user-confirmation. The underlying unauthenticated pairing mechanism is defined in the Bluetooth specification, and implementation-specific bugs expose it to the attacker.” explained Newlin. “Unpatched devices are vulnerable under the following conditions:
- Android devices are vulnerable whenever Bluetooth is enabled
- Linux/BlueZ requires that Bluetooth is discoverable/connectable
- iOS and macOS are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer”
The Magic Keyboard Firmware Update 2.0.6 is available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad.
The researcher pointed out that the Lockdown Mode does not prevent attacks from exploiting this flaw
It’s unclear if the flaw has been exploited in attacks in the wild.
(SecurityAffairs – hacking, Bluetooth)