Skip to content

Hide Navigation Hide TOC

Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)

Install security updates in response to discovered vulnerabilities.

Purchase devices with a vendor and/or mobile carrier commitment to provide security updates in a prompt manner for a set period of time.

Decommission devices that will no longer receive security updates.

Limit or block access to enterprise resources from devices that have not installed recent security updates.

On Android devices, access can be controlled based on each device's security patch level. On iOS devices, access can be controlled based on the iOS version.

Cluster A Galaxy A Cluster B Galaxy B Level
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Compromise Application Executable - T1577 (d3bc5020-f6a2-41c0-8ccb-5e563101b60c) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Boot or Logon Initialization Scripts - T1398 (46d818a5-67fa-4585-a7fc-ecf15376c8d5) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Replication Through Removable Media - T1458 (667e5707-3843-4da8-bd34-88b922526f0d) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Compromise Hardware Supply Chain - T1474.002 (c08366bb-8d11-4921-853f-f0a3b6a2a1da) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) Attack Pattern 1
Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57) Attack Pattern Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d) Course of Action 1
Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3) Attack Pattern Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern 2
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc) Attack Pattern Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) Attack Pattern 2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49) Attack Pattern Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a) Attack Pattern 2
Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3) Attack Pattern Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66) Attack Pattern 2
Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad) Attack Pattern Compromise Hardware Supply Chain - T1474.002 (c08366bb-8d11-4921-853f-f0a3b6a2a1da) Attack Pattern 2