Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)

Install security updates in response to discovered vulnerabilities.

Purchase devices with a vendor and/or mobile carrier commitment to provide security updates in a prompt manner for a set period of time.

Decommission devices that will no longer receive security updates.

Limit or block access to enterprise resources from devices that have not installed recent security updates.

On Android devices, access can be controlled based on each device's security patch level. On iOS devices, access can be controlled based on the iOS version.

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Compromise Application Executable - T1577 (d3bc5020-f6a2-41c0-8ccb-5e563101b60c)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Compromise Client Software Binary - T1645 (4f14e30b-8b57-4a7b-9093-2c0778ea99cf)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Exploitation for Client Execution - T1658 (5abfc5e6-3c56-49e7-ad72-502d01acf28b)	Attack Pattern	1
Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Replication Through Removable Media - T1458 (667e5707-3843-4da8-bd34-88b922526f0d)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Boot or Logon Initialization Scripts - T1398 (46d818a5-67fa-4585-a7fc-ecf15376c8d5)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Exploitation for Initial Access - T1664 (6ecbc2eb-e85a-440a-ab68-4d98f8d56fbe)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Compromise Hardware Supply Chain - T1474.002 (c08366bb-8d11-4921-853f-f0a3b6a2a1da)	Attack Pattern	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Lockscreen Bypass - T1461 (dfe29258-ce59-421c-9dee-e85cb9fa90cd)	Attack Pattern	1
Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Drive-By Compromise - T1456 (fd339382-bfec-4bf0-8d47-1caedc9e7e57)	Attack Pattern	Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	1
Security Updates - M1001 (bcecd036-f40e-4916-9f8e-fd0ccf0ece8d)	Course of Action	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	1
Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad)	Attack Pattern	Compromise Software Supply Chain - T1474.003 (9558a84e-2d5e-4872-918e-d847494a8ffc)	Attack Pattern	2
Disable or Modify Tools - T1629.003 (2aa78dfd-cb6f-4c70-9408-137cfd96be49)	Attack Pattern	Impair Defenses - T1629 (20b0931a-8952-42ca-975f-775bad295f1a)	Attack Pattern	2
Credentials from Password Store - T1634 (cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3)	Attack Pattern	Keychain - T1634.001 (8605a0ec-b44a-4e98-a7fc-87d4bd3acb66)	Attack Pattern	2
Supply Chain Compromise - T1474 (0d95940f-9583-4e0f-824c-a42c1be47fad)	Attack Pattern	Compromise Hardware Supply Chain - T1474.002 (c08366bb-8d11-4921-853f-f0a3b6a2a1da)	Attack Pattern	2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d)	Attack Pattern	Uninstall Malicious Application - T1630.001 (0cdd66ad-26ac-4338-a764-4972a1e17ee3)	Attack Pattern	2