Apple patches security flaw that allowed Magic Keyboard Bluetooth connections to be faked

After a public disclosure in December, Apple has issued a firmware update for the Magic Keyboard to block a security flaw that allowed an attacker to enter keystrokes through a cloned keyboard connection.An Apple Magic KeyboardThe now-patched vulnerability was disclosed to Apple and Google in August 2023, and disclosed publicly in December by security researcher Marc Newlin. At the time, Newlin said he had been investigating and then reporting unauthenticated Bluetooth keystroke-injection vulnerabilities in macOS and iOS for months.The patch is available for both the regular and extended Magic Keyboard, both with and without Touch ID. No user action is required, and Apple says that the 2.0.6 patch will automatically apply itself when a Magic Keyboard is paired to an Apple device. Continue Reading on AppleInsider | Discuss on our Forums