
M1001 Security Updates

Install security updates in response to discovered vulnerabilities.

Purchase devices with a vendor and/or mobile carrier commitment to provide security updates in a prompt manner for a set period of time.

Decommission devices that will no longer receive security updates.

Limit or block access to enterprise resources from devices that have not installed recent security updates.

On Android devices, access can be controlled based on each device’s security patch level. On iOS devices, access can be controlled based on the iOS version.
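The access control described above, as an added example that is not part of the original page: a gate that denies a device whose Android security patch level is too old or whose iOS version is below a minimum, and that fails closed on missing or malformed values. The thresholds, device records and function names are assumptions made for illustration.

```python
import re
from datetime import date

# Assumed thresholds for illustration; derive real ones from your patch SLA.
POLICY = {"android_max_patch_age_days": 90, "ios_min_version": "13.1.3"}

def parse_version(value):
    """Turn '13.1.3' into (13, 1, 3) so that 13.10 sorts above 13.9."""
    if not re.fullmatch(r"[0-9]+(\.[0-9]+){0,3}", value.strip()):
        raise ValueError(f"malformed version: {value!r}")
    return tuple(int(part) for part in value.strip().split("."))

def check_access(platform, reported, today, policy=POLICY):
    """Return (allowed, reason); unknown or unparseable input is denied."""
    try:
        if platform == "android":
            # Android reports its security patch level as a YYYY-MM-DD date.
            age = (today - date.fromisoformat(reported.strip())).days
            if age < 0:  # policy choice: a future-dated level is not trusted
                return False, "patch level is dated in the future"
            limit = policy["android_max_patch_age_days"]
            return age <= limit, f"patch level is {age} days old, limit {limit}"
        if platform == "ios":
            have = parse_version(reported)
            need = parse_version(policy["ios_min_version"])
            width = max(len(have), len(need))
            have += (0,) * (width - len(have))  # compare 13.1 as 13.1.0
            need += (0,) * (width - len(need))
            return have >= need, f"iOS {reported}, minimum {policy['ios_min_version']}"
    except (ValueError, AttributeError, TypeError):
        return False, "version field missing or malformed"
    return False, "unsupported platform"

# Constructed inventory records, as an MDM or EMM export might report them.
FLEET = [
    ("pixel-017", "android", "2019-10-05"),
    ("tab-204", "android", "2019-06-05"),
    ("iphone-33", "ios", "13.1.3"),
    ("iphone-08", "ios", "12.4.2"),
    ("kiosk-02", "android", None),
]

def blocked_devices(fleet, today, policy=POLICY):
    """Device IDs that should lose access to enterprise resources."""
    return [dev for dev, plat, ver in fleet
            if not check_access(plat, ver, today, policy)[0]]

if __name__ == "__main__":
    print(blocked_devices(FLEET, date(2019, 10, 18)))
```

Versions are compared as integer tuples rather than strings, since a string comparison would rank 13.10 below 13.9.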

ID: M1001
Version: 1.0
Created: 18 October 2019
Last Modified: 18 October 2019

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1433 | Access Call Log | Decrease likelihood of successful privilege escalation attack. |
| mobile | T1413 | Access Sensitive Data in Device Logs | - |
| mobile | T1427 | Attack PC via USB Connection | - |
| mobile | T1412 | Capture SMS Messages | - |
| mobile | T1577 | Compromise Application Executable | Security updates frequently contain patches to vulnerabilities. |
| mobile | T1408 | Disguise Root/Jailbreak Indicators | - |
| mobile | T1456 | Drive-by Compromise | - |
| mobile | T1404 | Exploit OS Vulnerability | - |
| mobile | T1405 | Exploit TEE Vulnerability | - |
| mobile | T1458 | Exploit via Charging Station or PC | - |
| mobile | T1477 | Exploit via Radio Interfaces | - |
| mobile | T1579 | Keychain | Apple regularly provides security updates for known OS vulnerabilities. |
| mobile | T1461 | Lockscreen Bypass | - |
| mobile | T1403 | Modify Cached Executable Code | - |
| mobile | T1398 | Modify OS Kernel or Boot Partition | - |
| mobile | T1400 | Modify System Partition | - |
| mobile | T1399 | Modify Trusted Execution Environment | - |
| mobile | T1410 | Network Traffic Capture or Redirection | - |
| mobile | T1576 | Uninstall Malicious Application | Security updates typically provide patches for vulnerabilities that enable device rooting. |