Main Vulnerability Database Vulnerabilities #VU85311

Cleartext storage of sensitive information in Magic Keyboard Firmware - CVE-2024-0230

Published: January 11, 2024 / Updated: May 23, 2024

Vulnerability identifier: #VU85311

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2024-0230

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vendor: Apple Inc.

Affected software:
Magic Keyboard Firmware

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to the way Bluetooth pairing key is stored on the device. An attacker with physical access to the accessory can extract its Bluetooth pairing key and monitor Bluetooth traffic.

How to mitigate CVE-2024-0230

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/HT214050

Cleartext storage of sensitive information in Magic Keyboard Firmware - CVE-2024-0230

Detailed vulnerability description

How to mitigate CVE-2024-0230

Sources

Please verify you're human