My Mom has one of these keyboards, so I thought I’d check to see if the firmware had been automatically updated, as Apple’s article indicates.
However, when I went to System Preferences, there was no “info button” to click. Additionally, when I pulled up the System Report, the firmware version for her Magic Keyboard with Numeric Keypad was given in a completely unexpected format (hexadecimal, perhaps?) as 0x0107, unless I am misreading something.
She’s running MacOS 11 Big Sur on an Intel 21.5-inch iMac. I forget exactly which model year. Apple’s article makes no mention of a minimum MacOS version requirement for the update to be automatically installed. Does anyone know what the story is? If there is such a requirement, Apple should state it. Of course, the update does not appear to be manually downloadable. Really odd, for a security issue supposedly so major that several articles about it are labeling the update as “rare.”
And consider there are 2 vulnerabilities here, one of which is the keyboard firmware, and the other is in macOS. The latter one has only been verified as applicable to Monterey and later, - but Big Sur has not been tested so the jury’s out on whether it’s vulnerable too.
The issue does not appear to be addressed in any release other than 14.2 as of this date. It’s always possible that Apple will release the fix for Monterey and Ventura as they’re technically still receiving some updates - but to date the issues remain unpatched.
The macOS vulnerability will probably never be addressed in Big Sur, as Apple no longer supports it.
Howard Oakley is still correct when he says:
For the rest of us, while it’s important to ensure that our Macs and their Bluetooth devices are properly protected, the only important message is to underline yet again that, if your Mac isn’t running the current version of macOS, it really isn’t secure at all.