Skip to content

Hide Navigation Hide TOC

Insecure Third-Party Libraries - T1425 (11bd699b-f2c2-4e48-bf46-fb3f8acd9799)

Third-party libraries incorporated into mobile apps could contain malicious behavior, privacy-invasive behavior, or exploitable vulnerabilities. An adversary could deliberately insert malicious behavior or could exploit inadvertent vulnerabilities.

For example, Ryan Welton of NowSecure identified exploitable remote code execution vulnerabilities in a third-party advertisement library (Citation: NowSecure-RemoteCode). Grace et al. identified security issues in mobile advertisement libraries (Citation: Grace-Advertisement).

Platforms: Android, iOS

Cluster A Galaxy A Cluster B Galaxy B Level
Insecure Third-Party Libraries - T1425 (11bd699b-f2c2-4e48-bf46-fb3f8acd9799) Attack Pattern Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) Attack Pattern 1