
24-Year-Old curl mTLS Reuse Flaw and 34% Smart TV Proxyware SDKs Reveal Persistent Supply-Chain Exposure
A decades-old curl logic error and widespread smart-TV proxyware both stem from absent re-validation of connection and permission state. Evidence trails in release histories and app-store manifests show the issues are architectural rather than isolated. Operational risk compounds when residential networks become unmonitored infrastructure for third-party traffic.
Procurement and firmware telemetry show the curl flaw persisted across two decades of releases because connection-reuse logic never re-validated mTLS state after option changes. AISLE traced the defect to pre-2001 code paths; independent review of git history confirms that no regression test covered credential or host-identity invalidation after reuse decisions.
Spur's scan of the webOS and Tizen app stores found 42.5% and 26.9% of titles, respectively, shipping proxy SDKs, concentrated in low-utility categories whose manifest permissions were never audited for outbound relay behavior. Smart TVs occupy the same residential IP segment as user devices yet lack the endpoint detection and update scrutiny applied to general-purpose computers. The combination creates a low-friction residential proxy fabric that survives user consent dialogs and persists across firmware versions, directly contradicting vendor marketing that frames these platforms as sealed appliances.
The next indicators to monitor are firmware update telemetry showing proxy SDK removal rates and any curl-dependent projects that remain on pre-8.21.0 builds past Q3 2026; contract awards for TV platform security audits will signal whether manufacturers treat the exposure as systemic.
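The reuse defect class described above, as a simplified model: a connection cache whose reuse check looks only at the endpoint, beside one that also compares the options that shaped the TLS handshake. This is an added example, not curl's source code; every struct, function, host and file name in it is hypothetical.

```c
/* Simplified model of a connection cache (added example, not curl's code). */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

struct tls_opts {              /* hypothetical options that shape the handshake */
    const char *client_cert;   /* client certificate path, or NULL */
    const char *client_key;    /* private key path, or NULL */
    const char *ca_bundle;     /* trust anchors for verifying the server */
    bool verify_peer, verify_host;
};
struct conn { const char *host; int port; struct tls_opts tls; };
typedef bool (*match_fn)(const struct conn *, const char *, int, const struct tls_opts *);

static bool str_eq(const char *a, const char *b) {
    if (!a || !b) return a == b;            /* NULL matches only NULL */
    return strcmp(a, b) == 0;
}

/* Weak: endpoint only. New credentials ride on the old authenticated session. */
bool reuse_ok_weak(const struct conn *c, const char *host, int port, const struct tls_opts *want) {
    (void)want;                             /* requested TLS options are ignored */
    return str_eq(c->host, host) && c->port == port;
}

/* Strict: every option in force at handshake time must equal the request's. */
bool reuse_ok_strict(const struct conn *c, const char *host, int port, const struct tls_opts *want) {
    return reuse_ok_weak(c, host, port, want) &&
           str_eq(c->tls.client_cert, want->client_cert) &&
           str_eq(c->tls.client_key, want->client_key) &&
           str_eq(c->tls.ca_bundle, want->ca_bundle) &&
           c->tls.verify_peer == want->verify_peer && c->tls.verify_host == want->verify_host;
}

/* Index of the first reusable cached connection, or -1 (caller opens a new one). */
int find_reusable(const struct conn *cache, size_t n, const char *host, int port,
                  const struct tls_opts *want, match_fn ok) {
    for (size_t i = 0; i < n; i++)
        if (ok(&cache[i], host, port, want)) return (int)i;
    return -1;
}

/* Constructed scenario: one cached connection, then a request to the same
 * endpoint with either the same or a different client certificate. */
int demo(match_fn ok, bool change_cert) {
    struct conn cached = { "api.example.test", 443, { "alice.pem", "alice.key", "ca.pem", true, true } };
    struct tls_opts want = cached.tls;
    if (change_cert) { want.client_cert = "bob.pem"; want.client_key = "bob.key"; }
    return find_reusable(&cached, 1, "api.example.test", 443, &want, ok);
}
```

Calling `demo` with the strict matcher and a changed certificate is the kind of regression test the article says was missing: it must return -1 so that a fresh handshake runs under the new credentials.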
SENTINEL: Firmware audits by Q4 2026 will confirm proxy SDK presence on >50% of active LG and Samsung TVs sold 2022-2025.
Sources (3)
- [1] The Hacker News ThreatsDay Bulletin (https://thehackernews.com/2026/06/threatsday-bulletin-smart-tv-proxyware.html)
- [2] Spur Intelligence Smart TV Proxyware Report (https://spur.us/research/smart-tv-proxyware-2026)
- [3] curl 8.21.0 release notes and AISLE advisory (https://curl.se/docs/CVE-2026-8932.html)