Cursor · Cursor · CVE-2024-45599
Name of the Vulnerable Software and Affected Versions:
Cursor versions prior to 0.41.0
Description:
The issue affects Cursor, an artificial intelligence code editor, on macOS. If a user has granted Cursor access to the camera or microphone, any program run on the machine can access these devices without explicit permission. This is possible through dylib injection using the `DYLD_INSERT_LIBRARIES` environment variable, which the hardened runtime would normally ignore but which Cursor's entitlements `com.apple.security.cs.allow-dyld-environment-variables` and `com.apple.security.cs.disable-library-validation` permit. The entitlements `com.apple.security.device.camera` and `com.apple.security.device.audio-input` allow the application to use the host camera and microphone, respectively, and a library injected into that process runs with the same grants. As a result, untrusted code executed on the user's machine can access the camera or microphone if the user has already given permission for Cursor to do so.
Recommendations:
For versions prior to 0.41.0, as a temporary workaround, consider not explicitly giving Cursor permission to access the camera or microphone if untrusted users can run arbitrary commands on the affected machine.
Update to version 0.41.0 or later, where the entitlements have been split by process to prevent this issue.
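The risky combination described above, and the per-process split that fixes it, can be checked mechanically. The following is an added audit script, not code from Cursor or from this advisory; it assumes the entitlements are obtained with `codesign -d --entitlements :- <path>` (newer macOS releases may need `--xml`), and the sample plists it ships with are constructed, not Cursor's real entitlement files.

```python
import plistlib
import subprocess

# Hardened-runtime entitlements that let foreign code be loaded into the process
LOADER_WEAKENING = {
    "com.apple.security.cs.allow-dyld-environment-variables",
    "com.apple.security.cs.disable-library-validation",
}
# TCC-protected device entitlements that injected code would inherit
DEVICE_ENTITLEMENTS = {
    "com.apple.security.device.camera",
    "com.apple.security.device.audio-input",
}

def parse_entitlements(raw: bytes) -> dict:
    """Parse `codesign -d --entitlements :- <path>` output (assumed invocation).
    The ':' prefix asks codesign to strip its blob header; skip to '<?xml' anyway."""
    start = raw.find(b"<?xml")
    return plistlib.loads(raw[start:]) if start >= 0 else {}

def assess(entitlements: dict) -> dict:
    """Flag a binary that both weakens library loading and holds device grants."""
    granted = {k for k, v in entitlements.items() if v is True}
    weakening = sorted(granted & LOADER_WEAKENING)
    devices = sorted(granted & DEVICE_ENTITLEMENTS)
    return {"risky": bool(weakening and devices),
            "loader_weakening": weakening, "devices": devices}

def assess_binary(path: str) -> dict:
    """Run codesign against a real bundle or executable (macOS only)."""
    raw = subprocess.run(["codesign", "-d", "--entitlements", ":-", path],
                         capture_output=True, check=True).stdout
    return assess(parse_entitlements(raw))

def _plist(keys) -> bytes:
    """Build a constructed entitlements plist for the samples below."""
    body = "".join(f"<key>{k}</key><true/>" for k in sorted(keys))
    return (b'<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
            + body.encode() + b"</dict></plist>")

# Constructed samples (not Cursor's real entitlement files): one process holding
# everything, versus the post-fix split of loader-weakening and device grants.
SAMPLE_COMBINED = _plist(LOADER_WEAKENING | DEVICE_ENTITLEMENTS)
SAMPLE_SPLIT_MAIN = _plist(LOADER_WEAKENING)
SAMPLE_SPLIT_HELPER = _plist(DEVICE_ENTITLEMENTS)

if __name__ == "__main__":
    for name, sample in (("combined", SAMPLE_COMBINED), ("main", SAMPLE_SPLIT_MAIN)):
        print(name, assess(parse_entitlements(sample)))
```

Only a process that carries both sets at once is flagged; the split layout keeps the injectable process without device grants and the device-holding helper without loader weakening.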