Main Vulnerability Database Vulnerabilities #VU85311

#VU85311 Cleartext storage of sensitive information in Magic Keyboard Firmware - CVE-2024-0230

Published: January 11, 2024 / Updated: May 23, 2024

Vulnerability identifier: #VU85311

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2024-0230

CWE-ID: CWE-312

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
Magic Keyboard Firmware

Software vendor:
Apple Inc.

Description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to the way Bluetooth pairing key is stored on the device. An attacker with physical access to the accessory can extract its Bluetooth pairing key and monitor Bluetooth traffic.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT214050

#VU85311 Cleartext storage of sensitive information in Magic Keyboard Firmware - CVE-2024-0230

Description

Remediation

External links

Please verify you're human