Security Updates

Install security updates in response to discovered vulnerabilities.

Purchase devices with a vendor and/or mobile carrier commitment to provide security updates in a prompt manner for a set period of time.

Decommission devices that will no longer receive security updates.

Limit or block access to enterprise resources from devices that have not installed recent security updates.

On Android devices, access can be controlled based on each device's security patch level. On iOS devices, access can be controlled based on the iOS version.

ID: M1001

Version: 1.0

Created: 18 October 2019

Last Modified: 18 October 2019

Techniques Addressed by Mitigation

Domain	ID	Name	Use
Mobile	T1433	Access Call Log	Decrease likelihood of successful privilege escalation attack.
Mobile	T1413	Access Sensitive Data in Device Logs
Mobile	T1427	Attack PC via USB Connection
Mobile	T1412	Capture SMS Messages
Mobile	T1577	Compromise Application Executable	Security updates frequently contain patches to vulnerabilities.
Mobile	T1408	Disguise Root/Jailbreak Indicators
Mobile	T1456	Drive-by Compromise
Mobile	T1404	Exploit OS Vulnerability
Mobile	T1405	Exploit TEE Vulnerability
Mobile	T1458	Exploit via Charging Station or PC
Mobile	T1477	Exploit via Radio Interfaces
Mobile	T1579	Keychain	Apple regularly provides security updates for known OS vulnerabilities.
Mobile	T1461	Lockscreen Bypass
Mobile	T1403	Modify Cached Executable Code
Mobile	T1398	Modify OS Kernel or Boot Partition
Mobile	T1400	Modify System Partition
Mobile	T1399	Modify Trusted Execution Environment
Mobile	T1410	Network Traffic Capture or Redirection
Mobile	T1576	Uninstall Malicious Application	Security updates typically provide patches for vulnerabilities that enable device rooting.

Security Updates

Mobile Layer

Techniques Addressed by Mitigation