CVE-2024-0230

Name of the Vulnerable Software and Affected Versions Magic Keyboard versions prior to 2.0.6

Description A session management issue was addressed with improved checks. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. The issue is related to the management of user sessions and can be exploited to gain unauthorized access to Bluetooth traffic.

Recommendations For Magic Keyboard versions prior to 2.0.6, update to Magic Keyboard Firmware Update 2.0.6 to fix the issue. As a temporary workaround, consider restricting physical access to the accessory to minimize the risk of exploitation.