This 'critical security vulnerability' has gone unnoticed on Apple and Android devices for a decade

If you have an Apple device and tend to have your Bluetooth on in public, there’s a chance someone could use it to exploit your device. Despite lying dormant for years, a Bluetooth security flaw has just been spotted, and according to the Android Security Bulletin, it is a ‘critical security vulnerability.’

As originally spotted by Marc Newlin from SkySafe, any user who connects a Magic Keyboard to their MacBook can be vulnerable. A person running Linux can register their device to it and inject keystrokes, mimicking those of the legitimate user. This can be used to steal information, run commands on the device, and more. The vulnerabilities were disclosed to Apple on August 1st this year, followed by a public disclosure on December 6th.

A Bluetooth problem – iMore’s take

This is not the first time a major security fault involving Bluetooth has been spotted. Back in September, a tech enthusiast discovered you could falsely ping iPhones with an AirPods notification using nothing but a Flipper Zero hacking tool. The tool did have to be very close to the device it was pinging, but it was theorized the distance could be much greater with the right tech. Turning off Bluetooth through Control Center wouldn’t fix this; users had to turn it off in Settings. It is important to note that any device with Bluetooth capabilities could do the same, so this security fault lies in Apple's hands to fix.

Bluetooth is a great bit of tech, but because it is so easy to connect, it has had some severe problems like the two examples above, and this vulnerability is just one of many. Despite being informed of this four months ago, Apple has not commented or changed anything publicly yet. A security patch for devices running Android 11 and onward has been issued, and future devices will contain the fix automatically, but devices running versions older than Android 11 will be left vulnerable. Hopefully, Apple will fix this problem, too.

iMore has reached out to Apple for comment. 

James Bentley