CVE-2024-0230

LOW

Magic Keyboard Firmware <2.0.6 - Info Disclosure

Title source: llm

Description

A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.

Exploits (1)

nomisec WORKING POC 4 stars
by keldnorman · poc
https://github.com/keldnorman/cve-2024-0230-blue

Scores

CVSS v3 2.4
EPSS 0.0435
EPSS Percentile 89.0%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (2)
Apple/Magic Keyboard Firmware < 2.0.6
apple/magic_keyboard_firmware < 2.0.6
Published Jan 12, 2024
Tracked Since Feb 18, 2026