Apple has released firmware updates for its Magic Keyboard to address a vulnerability that could allow attackers to inject keystrokes over Bluetooth. The vulnerability, disclosed by SkySafe software engineer Marc Newlin in December, could be exploited by an attacker within Bluetooth range, requiring only a Linux machine and a Bluetooth device. The attack involves tricking a vulnerable device into pairing with a fake keyboard without user confirmation. The issue is tracked as CVE-2024-0230, and Apple has addressed it with Magic Keyboard firmware version 2.0.6. The update is rolling out for various Magic Keyboard models.
Read more: https://www.securityweek.com/apple-patches-keystroke-injection-vulnerability-in-magic-keyboard/