Your Headphones Might Break The Security of Your Computer

Sennheiser has now been pinpointed as have a major security vulnerability in its HeadSetup app. It involves a self-signed TLS signature and which Sennheiser placed in the Trusted Root CA Certificate store (or in the macOS Trust Store). This means that this certificate can be used to validate other certificates, as the private key on the certificate could be easily extracted.