The latest Firefox version fixes quite a few problems, but one of the more interesting fixes was for a vulnerability that affected people using AirPods connected to an iPhone, which is not something you’d expect to find in a browser release.
While new versions of Firefox generally bring new features and a handful of security fixes, most are related to the browser itself. Rarely does it impact other devices. It’s not impossible, though, as the latest Firefox 74 update has shown.
The bug, designated CVE-2020-6812, is not as straightforward as you might think, but it shows just how interconnected devices are, even when they seem to have no apparent connection with one another.
“The first time AirPods are connected to an iPhone, they become named after the user’s name by default (e.g. Jane Doe’s AirPods.)” reads the description of the bug. “Websites with camera or microphone permission are able to enumerate device names, disclosing the user’s name. To resolve this issue, Firefox added a special case that renames devices containing the substring ‘AirPods’ to simply ‘AirPods’.”
This particular vulnerability doesn’t appear to have been used in the wild, but that doesn’t mean that it won’t be exploited once the patch is released. It takes a while for hackers to figure out how this works, from a technical point of view, and to develop tools that take advantage.
It’s important to keep your browser up to date, along with any other hardware device you might have. Interestingly enough, the details of the CVE are not public, but that’s not entirely unusual.