Insecure Third-Party Libraries - T1425 (11bd699b-f2c2-4e48-bf46-fb3f8acd9799)
Third-party libraries incorporated into mobile apps could contain malicious behavior, privacy-invasive behavior, or exploitable vulnerabilities. An adversary could deliberately insert malicious behavior or could exploit inadvertent vulnerabilities.
For example, Ryan Welton of NowSecure identified exploitable remote code execution vulnerabilities in a third-party advertisement library (Citation: NowSecure-RemoteCode). Grace et al. identified security issues in mobile advertisement libraries (Citation: Grace-Advertisement).
Platforms: Android, iOS
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) | Attack Pattern | Insecure Third-Party Libraries - T1425 (11bd699b-f2c2-4e48-bf46-fb3f8acd9799) | Attack Pattern | 1 |