Main Vulnerability Database Exploits ID:9855 - Exploit for Cleartext storage of sensitive information in Magic Keyboard Firmware - CVE-2024-0230

ID:9855 - Exploit for Cleartext storage of sensitive information in Magic Keyboard Firmware - CVE-2024-0230

Published: May 23, 2024

Vulnerability identifier: #VU85311

Vulnerability risk: Low

CVE-ID: CVE-2024-0230

CWE-ID: CWE-312

Exploitation vector: Local access

Vulnerable software:
Magic Keyboard Firmware

Link to public exploit:

https://github.com/keldnorman/cve-2024-0230-blue

Vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to the way Bluetooth pairing key is stored on the device. An attacker with physical access to the accessory can extract its Bluetooth pairing key and monitor Bluetooth traffic.

Remediation

Install updates from vendor's website.

ID:9855 - Exploit for Cleartext storage of sensitive information in Magic Keyboard Firmware - CVE-2024-0230

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human