Main Vulnerability Database SB2024011131

SB2024011131 - Information disclosure in Apple Magic Keyboard Firmware

Published: January 11, 2024 Updated: May 23, 2024

Security Bulletin ID SB2024011131

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Cleartext storage of sensitive information (CVE-ID: CVE-2024-0230)

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to the way Bluetooth pairing key is stored on the device. An attacker with physical access to the accessory can extract its Bluetooth pairing key and monitor Bluetooth traffic.

Remediation

Install update from vendor's website.

References

https://support.apple.com/en-us/HT214050