苹果近日发布了妙控键盘固件更新 2.0.6,旨在修复一个重要的蓝牙安全漏洞。这一漏洞可能允许拥有物理访问权限的攻击者窃取蓝牙配对密钥并监控蓝牙通信。该更新适用于多种版本的妙控键盘,包括普通版、2021 款、带数字键盘版、带 Touch ID 版以及带 Touch ID 和数字键盘版。
该漏洞于去年 12 月由安全研究人员 Marc Newlin 发现并报告给苹果。若攻击者利用该漏洞,在获得妙控键盘物理访问权限后,可提取蓝牙配对密钥并监听与键盘进行通信的设备的蓝牙流量。
苹果表示,当妙控键盘与运行 macOS、iOS、iPadOS 或 tvOS 的设备配对并处于活动状态时,固件更新将自动在后台推送安装。用户可在 Mac 上检查妙控键盘的当前固件版本。
苹果一直致力于提高产品安全性,此次更新再次展现了其在保护用户隐私和数据安全方面的决心。为确保用户设备的安全,建议及时更新至最新固件版本。
Title: Apple releases keyboard firmware update to fix Bluetooth security vulnerability
Keywords: Apple, Magic Keyboard, Bluetooth security
News content:
Apple has recently released a firmware update for its Magic Keyboard, version 2.0.6, aiming to fix a critical Bluetooth security vulnerability. This flaw could allow attackers with physical access to the keyboard to steal Bluetooth pairing keys and monitor Bluetooth communication. The update is compatible with various versions of the Magic Keyboard, including the regular version, the 2021 version, the version with a numeric keypad, the version with Touch ID, and the version with both Touch ID and a numeric keypad.
The vulnerability was discovered and reported to Apple by security researcher Marc Newlin in December of last year. If attackers exploit this flaw, they can extract the Bluetooth pairing keys and listen to the Bluetooth traffic of devices communicating with the keyboard after obtaining physical access to the Magic Keyboard.
Apple explains that when the Magic Keyboard is paired with a device running macOS, iOS, iPadOS, or tvOS and is in active use, the firmware update will be automatically pushed to the keyboard in the background. Users can check the current firmware version of the Magic Keyboard on their Macs.
Apple has always been committed to improving the security of its products, and this update demonstrates its dedication to protecting users’ privacy and data security. To ensure the safety of your devices, it is recommended to update to the latest firmware version.
【来源】https://www.ithome.com/0/744/751.htm
Views: 1