Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)

Install security updates in response to discovered vulnerabilities.

Purchase devices with a vendor and/or mobile carrier commitment to provide security updates in a prompt manner for a set period of time.

Decommission devices that will no longer receive security updates.

Limit or block access to enterprise resources from devices that have not installed recent security updates.

On Android devices, access can be controlled based on each device's security patch level. On iOS devices, access can be controlled based on the iOS version.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc)	Attack Pattern	1
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Boot or Logon Initialization Scripts - T1398 (46d818a5-67fa-4585-a7fc-ecf15376c8d5)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Replication Through Removable Media - T1458 (667e5707-3843-4da8-bd34-88b922526f0d)	Attack Pattern	1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66)	Attack Pattern	1
Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Compromise Hardware Supply Chain - T1474.002 (c08366bb-8d11-4921-853f-f0a3b6a2a1da)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad)	Attack Pattern	1
Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Compromise Application Executable - T1577 (d3bc5020-f6a2-41c0-8ccb-5e563101b60c)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3)	Attack Pattern	1
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc)	Attack Pattern	Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad)	Attack Pattern	2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	2
Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3)	Attack Pattern	Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66)	Attack Pattern	2
Compromise Hardware Supply Chain - T1474.002 (c08366bb-8d11-4921-853f-f0a3b6a2a1da)	Attack Pattern	Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad)	Attack Pattern	2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	2