Apple on Tuesday released Magic Keyboard firmware version 2.0.6 with a fix for a Bluetooth-related security vulnerability.
"An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic," an Apple support document says.
The firmware update is available for various Magic Keyboard models for the Mac, including the standard Magic Keyboard, Magic Keyboard with Numeric Keypad, Magic Keyboard with Touch ID, and Magic Keyboard with Touch ID and Numeric Keypad.
Magic Keyboard firmware updates are automatically installed while the keyboard is paired to a device running macOS, iOS, iPadOS, or tvOS, with no way to manually apply an update. To check a Magic Keyboard's firmware version on a Mac, open the System Settings app, click Bluetooth, and click on the info button next to your keyboard.
Apple's full security disclosure:
Available for: Magic Keyboard; Magic Keyboard (2021); Magic Keyboard with Numeric Keypad; Magic Keyboard with Touch ID; and Magic Keyboard with Touch ID and Numeric Keypad
Impact: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic
Description: A session management issue was addressed with improved checks.
CVE-2024-0230: Marc Newlin of SkySafe
This is the first firmware update for some Magic Keyboard models in several years, according to MacRumors contributor Aaron Perris.
Source: Macrumors