Apple Patches Keystroke Injection Vulnerability in Magic Keyboard

Apple this week announced Magic Keyboard firmware updates that patch a vulnerability potentially allowing attackers to inject keystrokes over Bluetooth.
The issue was disclosed in December by SkySafe software engineer Marc Newlin, who warned that an attacker within Bluetooth range could exploit the bug without authentication.
Newlin warned that an adversary would only need a Linux machine and a normal Bluetooth device to mount the attack, and that Android and Linux devices are also affected.
A vulnerable device, he explained, could be tricked into pairing with a fake keyboard without user confirmation, bypassing authentication.
On macOS and iOS, the engineer warned, the attack can be mounted even in Lockdown Mode, if Bluetooth is enabled and a Magic Keyboard is paired.
This week, Apple announced that the issue, tracked as CVE-2024-0230, has been addressed with the release of Magic Keyboard firmware version 2.0.6.
In its advisory, the tech giant makes no mention of this vulnerability being exploitable to perform keystroke injection.
The new firmware release is now rolling out for Magic Keyboard, Magic Keyboard, and Magic Keyboard with numeric keypad, Touch ID, or Touch ID and numeric keypad. If the Magic Keyboard is paired to a macOS, iOS, iPadOS, or tvOS device, the firmware update will be delivered in the background, Apple explains.
Users can also go to System Settings on their Macs to check for the update.


This Cyber News was published on www.securityweek.com. Publication date: Fri, 12 Jan 2024 11:43:05 +0000

