Apple Patches Keystroke Injection Vulnerability in Magic Keyboard

Apple this week announced Magic Keyboard firmware updates that patch a vulnerability potentially allowing attackers to inject keystrokes over Bluetooth.
The issue was disclosed in December by SkySafe software engineer Marc Newlin, who warned that an attacker within Bluetooth range could exploit the bug without authentication.
Newlin warned that an adversary would only need a Linux machine and a normal Bluetooth device to mount the attack, and that Android and Linux devices are also affected.
A vulnerable device, he explained, could be tricked into pairing with a fake keyboard without user confirmation, bypassing authentication.
On macOS and iOS, the engineer warned, the attack can be mounted even in Lockdown Mode, if Bluetooth is enabled and a Magic Keyboard is paired.
This week, Apple announced that the issue, tracked as CVE-2024-0230, has been addressed with the release of Magic Keyboard firmware version 2.0.6.
In its advisory, the tech giant makes no mention of this vulnerability being exploitable to perform keystroke injection.
The new firmware release is now rolling out for Magic Keyboard, Magic Keyboard, and Magic Keyboard with numeric keypad, Touch ID, or Touch ID and numeric keypad. If the Magic Keyboard is paired to a macOS, iOS, iPadOS, or tvOS device, the firmware update will be delivered in the background, Apple explains.
Users can also go to System Settings on their Macs to check for the update.


This Cyber News was published on www.securityweek.com. Publication date: Fri, 12 Jan 2024 11:43:05 +0000

