CVE-2024-0230

LOW

Magic Keyboard Firmware <2.0.6 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-0230. PoCs published by keldnorman.

AI-analyzed exploit summary: This repository contains a functional exploit script for CVE-2024-0230, a Bluetooth vulnerability. The script automates the process of scanning for nearby Bluetooth devices, filtering out excluded MAC addresses, and executing a keystroke injection attack using a referenced external tool.

Description

A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.

Exploits (1)

nomisec WORKING POC 4 stars
by keldnorman · poc
https://github.com/keldnorman/cve-2024-0230-blue

Classification: Working PoC 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Bluetooth-enabled devices (specific version not specified)
No auth needed
Prerequisites: root access · Bluetooth hardware · Python3 with BlueZ and PyDBus libraries
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 2.4
EPSS 0.0122
EPSS Percentile 64.9%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

Status published
Products (2)
Apple/Magic Keyboard Firmware < 2.0.6
apple/magic_keyboard_firmware < 2.0.6
Published Jan 12, 2024
Tracked Since Feb 18, 2026