- Description
- A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.
- Source
- product-security@apple.com
- NVD status
- Modified
- Products
- magic_keyboard_firmware
CVSS 3.1
- Type
- Primary
- Base score
- 2.4
- Impact score
- 1.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- Severity
- LOW
- Hype score
- Not currently trending
CVE-2024-0230 Bluetooth vulnerabilities in Android Linux macOS iOS and Windows https://t.co/Wqo9t3vB7Q https://t.co/OSg2KG668P WifiKey AC Gateway Pre-auth RCE https://t.co/QkxyClI0OP CVE-2024-0204 PoC For Fortra GoAnywhere MFT Authentication Bypass https://t.co/rtjzKht2D1
@Hermes_tooll
13 Mar 2026
1139 Impressions
3 Retweets
13 Likes
9 Bookmarks
0 Replies
0 Quotes
This repository contains proof-of-concept scripts for CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230 Bluetooth vulnerabilities in Android, Linux, macOS, iOS and #Windows can be exploited to pair an emulated Bluetooth keyboard and inject keystrokes without user confirmation htt
@minacrissDev_
5 Sept 2025
241 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:magic_keyboard_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "643DF5A4-035B-426F-AC1B-CC0DFFB82C47",
"versionEndExcluding": "2.0.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:apple:magic_keyboard:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B501279A-4B87-4E15-A6C7-07EB88491878",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]