CVE-2022-43703

Incomplete verification of installation file signature

EPSS 0.2%CWE-427

An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.

Productos afectados

Arm Ltd · Arm Compiler 5 (AC5), Arm Compiler for Embedded 6 (AC6), Fast Models (FM), Arm Compiler for Embedded FuSA (ACEF), Arm Development Studio (ADS), Arm Forge (AF), Arm Mobile Studio (AMS), DS-5 Development Studio, Fast Models (FM), GNU Toolchain (GT), Keil MDK (KMDK), Mbed Studio (MS)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://developer.arm.com/documentation/ka005596/latest https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00930.html