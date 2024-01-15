Apple has rolled out a significant security update for its Magic Keyboard, escalating its firmware version to 2.0.6. The update is a crucial corrective measure addressing a security vulnerability that posed a potential risk to users' privacy and data security.
Addressing a Bluetooth Vulnerability
The vulnerability in question, identified as CVE-2024-0230, was found in the previous versions of the Magic Keyboard firmware. It allowed an attacker with physical access to the keyboard to extract the Bluetooth pairing key. The attacker could then monitor Bluetooth traffic, which could potentially include sensitive data such as keystrokes.
Low Probability, High Impact
While the likelihood of a successful attack may seem low and akin to a plot from a high-tech thriller, the vulnerability was nevertheless a tangible threat. This security flaw was discovered by Marc Newlin of SkySafe and could provide an attacker the ability to inject keystrokes and execute commands.
Automatic Update for Increased User Convenience
Apple has ensured that the firmware update is delivered seamlessly and automatically to Magic Keyboards, while they are actively paired with devices running macOS, iOS, iPadOS, or tvOS. This means there is no manual installation required, making the update process user-friendly while ensuring the security of the users' devices. Users can verify their Magic Keyboard's firmware version by accessing the System Settings and Bluetooth options on their Mac or using an Option-click on the Bluetooth icon in the menu bar.
The release of the Magic Keyboard Firmware Update 2.0.6 is a testament to Apple's commitment to digital security, even in the face of low-probability threats. It serves as a reminder of the ever-growing importance of digital security in our increasingly interconnected world.