Whats everyone doing to evaluate and understand their device exposure on the curl and libcurl CVE? Ive got to the point where understanding if curl is present on the device only goes so far, as there are potentially 3rdparty apps that have/utilise the curl binary and place it on the local device...
Therefore Im for blanket updating the OS as soon as a patch is availble, assuming thats coming.
But for any 3rd party apps, like homebrew on mac, you can install a more recent version of the binary and thus we need to locate these, and then target the respective app/tool to be updated too.
This Im not sure how to action given the spralling possibilities.
Any help is greatly appreciated.
