Sennheiser’s HeadSetup and HeadSetup Pro applications are susceptible to hacking, according to Germany’s Secorvo Security Consulting. Sennheiser has now advised users to update to the latest versions of the apps after researchers discovered that the apps added two Certification Authority (CA) certificates to the local system’s Trusted Root CA store, which could potentially allow man-in-the-middle (MITM) attacks.
Sennheiser claims that the update removes these vulnerable certificates from its HeadSetup app. Secorvo Security Consulting has also published a report with detailed information about this vulnerability, along with a list of mitigation measures. Users who’ve downloaded the HeadSetup app on their systems are advised to manually uninstall the certificate. For more information on how to uninstall the certificate, follow the link here.
In the wake of this vulnerability, Microsoft has also published an advisory that informs customers of two disclosed digital certificates that can be used to remotely spoof websites or content. In addition, the Windows-maker has updated the Certificate Trust List to ensure that user-mode trust has been removed from the two Certification Authority certificates installed by Sennheiser’s apps in the local system’s Trusted Root CA store.