CVE-2022-43703

Incomplete verification of installation file signature

EPSS 0.2%CWE-427

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

Affected products

Arm Ltd · Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://developer.arm.com/documentation/ka005596/latest https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html