A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.

Related CVEs

CVE-2024-0230

Key Information

GHSA ID

GHSA-mmg6-j6rr-w793

Published

January 13, 2024 12:30 AM

Last Modified

November 4, 2025 9:31 PM

CVSS Score

2.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: November 23, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.