Apple Just Released an Important Security Fix for the Magic Keyboard

Apple Magic Keyboard Credit: Moritz Kindler / Unsplash

You may not think of a wireless keyboard as something you need to worry about updating the software for, but it turns out that even the most seemingly innocuous devices can be prone to security vulnerabilities that need to be patched.

Such is the case with Apple’s Magic Keyboard, which just got a critical firmware update to patch a Bluetooth vulnerability that could potentially allow a hacker to intercept everything you type — including passwords.

The good news is that the bug won’t subject you to random attacks — a hacker would still need to get physical access to your keyboard for at least a short period of time. However, that may not be as difficult as it sounds in an office or school environment. Once the Bluetooth pairing key has been compromised, they’d presumably be able to continue monitoring whatever you type unless you removed and re-paired your Magic Keyboard to your Mac.

In a support document published earlier this week, Apple describes the issue thusly:

An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.

Discovery of the flaw, designated as CVE-2024-0230, is credited to Marc Newlin of SkySafe, and the flaw has been patched in Magic Keyboard Firmware Update 2.0.6 — Apple’s first security update of 2024.

The flaw and corresponding fix apply to nearly all of Apple’s Magic Keyboard accessories, including the original Magic Keyboard and the updated 2021 version, plus the larger Magic Keyboard with Numeric Keypad, and both the standard and numeric keypad-equipped versions that also feature Touch ID.

Regarding the latter two models with Touch ID, even if the security vulnerability had been exploited (which is unclear), there’s no risk of someone intercepting your fingerprint.

While the Magic Keyboard has to use the standard Bluetooth keyboard profile for maximum compatibility, the Touch ID sensor can use a separate secure pairing process that employs strong encryption since it’s only intended to work with a compatible Apple silicon Mac. Further, while the Magic Keyboard with Touch ID can be used with multiple Macs and other devices, the Touch ID sensor on the keyboard can only be paired with one Mac at a time.

Note that this patch does not apply to Apple’s Magic Keyboard for the iPad since that doesn’t support Bluetooth anyway; it uses the iPad’s Smart Connector to communicate with your iPad, which is effectively a wired connection that’s not capable of being intercepted in the same manner.

How To Install a Magic Keyboard Firmware Update

Like firmware updates for Apple’s AirPods, there’s nothing special you need to do — or even that you can do — to install a Magic Keyboard Firmware Update.

The process should happen automatically in the background whenever your Magic Keyboard is paired with any Apple device, whether that’s a Mac running macOS or an Apple TV, iPhone, or iPad.

You can check the firmware version on your Magic Keyboard by opening System Settings on a Mac (or Settings on an iPad or iPhone), selecting Bluetooth, and then clicking the “Info” button to the right of your keyboard’s name.
