You might not consider a wi-fi keyboard as one thing it is advisable to fear about updating the software program for, however it seems that even essentially the most seemingly innocuous units may be vulnerable to safety vulnerabilities that have to be patched.
Such is the case with Apple’s Magic Keyboard, which simply received a essential firmware replace to patch a Bluetooth vulnerability that might probably enable a hacker to intercept all the things you kind — together with passwords.
The excellent news is that the bug received’t topic you to random assaults — a hacker would nonetheless must get bodily entry to your keyboard for no less than a brief time period. Nonetheless, that will not be as tough because it sounds in an workplace or faculty atmosphere. As soon as the Bluetooth pairing key has been compromised, they’d presumably have the ability to proceed monitoring no matter your kind except you eliminated and re-paired your Magic Keyboard to your Mac.
In a assist doc revealed earlier this week, Apple describes the problem thusly:
An attacker with bodily entry to the accent might be able to extract its Bluetooth pairing key and monitor Bluetooth site visitors.
The invention of the flaw, designated as CVE-2024-0230, is credited to Marc Newlin of SkySafe, and has been patched in Magic Keyboard Firmware Replace 2.0.6 — Apple’s first safety replace of 2024.
The flaw and corresponding repair applies to almost all of Apple’s Magic Keyboard equipment, together with the unique Magic Keyboard and the up to date 2021 model, plus the bigger Magic Keyboard with Numeric Keypad, and each the usual and numeric keypad-equipped variations that additionally function Contact ID.
Relating to the latter two fashions with Contact ID, even when the safety vulnerability had been exploited (which is unclear), there’s no danger of somebody intercepting your fingerprint.
Whereas the Magic Keyboard has to make use of the usual Bluetooth keyboard profile for max compatibility, the Contact ID sensor can use a separate safe pairing course of that employs robust encryption because it’s solely supposed to work with a appropriate Apple silicon Mac. Additional, whereas the Magic Keyboard with Contact ID can be utilized with a number of Macs and different units, the Contact ID sensor on the keyboard can solely be paired with one Mac at a time.
Observe that this patch doesn’t apply to Apple’s Magic Keyboard for the iPad since that doesn’t assist Bluetooth anyway; it makes use of the iPad’s Good Connector to speak together with your iPad, which is successfully a wired connection that’s not able to being intercepted in the identical method.
How To Set up a Magic Keyboard Firmware Replace
Like firmware updates for Apple’s AirPods, there’s nothing particular it is advisable to do — and even that you are able to do — to put in a Magic Keyboard Firmware Replace.
The method ought to occur mechanically within the background each time your Magic Keyboard is paired with any Apple machine, whether or not that’s a Mac working macOS or an Apple TV, iPhone, or iPad.
You may examine the firmware model in your Magic Keyboard by opening System Settings on a Mac (or Settings on an iPad or iPhone), choosing Bluetooth, after which clicking the “Data” button to the suitable of your keyboard’s title.