Audio company Sennheiser has just issued a fix <https://arstechnica.com/information-technology/2018/11/sennheiser-discloses-monumental-blunder-that-cripples-https-on-pcs-and-macs/> for a really nasty vulnerability where their software for Windows and Mac would install a special fake browser certificate that the machine would continue to trust thereafter, even after the software was removed. Unfortunately, because the installation also included the private key for that certificate (which is never supposed to be distributed), it could then be exploited by arbitrary third parties to trick such machines into trusting random sites.