CVE-2024-0230: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic in Apple Magic Keyboard Firmware
CVE-2024-0230 is a low-severity vulnerability in Apple Magic Keyboard firmware that allows an attacker with physical access to the device to extract its Bluetooth pairing key and monitor Bluetooth traffic. The issue stems from a session management flaw that has been addressed in Magic Keyboard Firmware Update 2. 0. 6. Firmware updates are automatically applied in the background when the keyboard is paired with an Apple device running macOS, iOS, iPadOS, or tvOS. Users can verify the installed firmware version in their Bluetooth settings. This vulnerability does not affect availability or integrity and requires physical access to the keyboard.
AI Analysis
Technical Summary
This vulnerability involves a session management issue in the Apple Magic Keyboard firmware that could allow an attacker with physical access to extract the Bluetooth pairing key and monitor Bluetooth communications. Apple fixed this issue by improving session management checks in Magic Keyboard Firmware Update 2.0.6, released on January 9, 2024. The update is automatically delivered to devices paired with the keyboard. The CVSS v3.1 base score is 2.4, reflecting low severity due to the requirement of physical access and limited impact on confidentiality only.
Potential Impact
An attacker with physical access to the affected Magic Keyboard may extract its Bluetooth pairing key, enabling them to monitor Bluetooth traffic between the keyboard and paired devices. The confidentiality of Bluetooth communications could be compromised. There is no impact on integrity or availability. The vulnerability requires physical access to the accessory, limiting the attack scope.
Mitigation Recommendations
Apple has released Magic Keyboard Firmware Update 2.0.6, which addresses this vulnerability by improving session management checks. Firmware updates are automatically delivered in the background when the keyboard is actively paired with a device running macOS, iOS, iPadOS, or tvOS. Users should ensure their Magic Keyboard firmware is updated to version 2.0.6 or later by checking the firmware version in Bluetooth settings (System Settings > Bluetooth > Info button next to the keyboard). No additional user action is required beyond applying this update.
CVE-2024-0230: An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic in Apple Magic Keyboard Firmware
Description
CVE-2024-0230 is a low-severity vulnerability in Apple Magic Keyboard firmware that allows an attacker with physical access to the device to extract its Bluetooth pairing key and monitor Bluetooth traffic. The issue stems from a session management flaw that has been addressed in Magic Keyboard Firmware Update 2. 0. 6. Firmware updates are automatically applied in the background when the keyboard is paired with an Apple device running macOS, iOS, iPadOS, or tvOS. Users can verify the installed firmware version in their Bluetooth settings. This vulnerability does not affect availability or integrity and requires physical access to the keyboard.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a session management issue in the Apple Magic Keyboard firmware that could allow an attacker with physical access to extract the Bluetooth pairing key and monitor Bluetooth communications. Apple fixed this issue by improving session management checks in Magic Keyboard Firmware Update 2.0.6, released on January 9, 2024. The update is automatically delivered to devices paired with the keyboard. The CVSS v3.1 base score is 2.4, reflecting low severity due to the requirement of physical access and limited impact on confidentiality only.
Potential Impact
An attacker with physical access to the affected Magic Keyboard may extract its Bluetooth pairing key, enabling them to monitor Bluetooth traffic between the keyboard and paired devices. The confidentiality of Bluetooth communications could be compromised. There is no impact on integrity or availability. The vulnerability requires physical access to the accessory, limiting the attack scope.
Mitigation Recommendations
Apple has released Magic Keyboard Firmware Update 2.0.6, which addresses this vulnerability by improving session management checks. Firmware updates are automatically delivered in the background when the keyboard is actively paired with a device running macOS, iOS, iPadOS, or tvOS. Users should ensure their Magic Keyboard firmware is updated to version 2.0.6 or later by checking the firmware version in Bluetooth settings (System Settings > Bluetooth > Info button next to the keyboard). No additional user action is required beyond applying this update.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- apple
- Date Reserved
- 2024-01-03T22:26:44.836Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 683f034b182aa0cae27e666e
Added to database: 6/3/2025, 2:14:35 PM
Last enriched: 4/9/2026, 10:56:18 PM
Last updated: 5/8/2026, 7:43:29 PM
Views: 91
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.