Security Updates

Install security updates in response to discovered vulnerabilities.

Purchase devices with a vendor and/or mobile carrier commitment to provide security updates in a prompt manner for a set period of time.

Decommission devices that will no longer receive security updates.

Limit or block access to enterprise resources from devices that have not installed recent security updates.

On Android devices, access can be controlled based on each device's security patch level. On iOS devices, access can be controlled based on the iOS version.
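One way to turn the patch-level and OS-version criteria above into an allow / limit / block decision, as an added example that is not part of the original page. The record field names (`platform`, `security_patch`, `os_version`), the thresholds and the fleet data are all assumptions constructed for illustration.

```python
from datetime import date

# Assumed policy thresholds (constructed; set them from your own patch cadence).
MAX_PATCH_AGE_DAYS = {"limit": 60, "block": 120}        # Android patch-level age
MIN_IOS = {"limit": (17, 5, 0), "block": (16, 0, 0)}    # iOS version floors


def parse_version(text):
    """'16.7' -> (16, 7, 0). Raises ValueError on non-numeric parts."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if any(p < 0 for p in parts):
        raise ValueError(text)
    return (parts + (0, 0, 0))[:3]


def evaluate(device, today):
    """Return 'allow', 'limit' or 'block' for one inventory record."""
    try:
        if device["platform"] == "android":
            # Android reports its security patch level as a date (YYYY-MM-DD).
            age = (today - date.fromisoformat(device["security_patch"])).days
            if age < 0 or age > MAX_PATCH_AGE_DAYS["block"]:
                return "block"      # stale, or a future date we cannot trust
            return "limit" if age > MAX_PATCH_AGE_DAYS["limit"] else "allow"
        if device["platform"] == "ios":
            version = parse_version(device["os_version"])
            if version < MIN_IOS["block"]:
                return "block"
            return "limit" if version < MIN_IOS["limit"] else "allow"
    except (KeyError, ValueError, TypeError, AttributeError):
        pass                        # missing or malformed posture data
    return "block"                  # fail closed, unknown platforms included


FLEET = [  # constructed sample records
    {"id": "a1", "platform": "android", "security_patch": "2024-05-05"},
    {"id": "a2", "platform": "android", "security_patch": "2024-02-05"},
    {"id": "a3", "platform": "android", "security_patch": "2023-06-01"},
    {"id": "a4", "platform": "android", "security_patch": "unknown"},
    {"id": "i1", "platform": "ios", "os_version": "17.5.1"},
    {"id": "i2", "platform": "ios", "os_version": "16.7"},
    {"id": "i3", "platform": "ios"},
]


def decisions(today=date(2024, 6, 1)):
    return {d["id"]: evaluate(d, today) for d in FLEET}
```

Devices that report no patch level, an unparseable value or a date in the future are blocked rather than allowed, so a record that cannot be verified never passes as current.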

ID: M1001
Version: 1.0
Created: 18 October 2019
Last Modified: 18 October 2019

Techniques Addressed by Mitigation

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1433 | Access Call Log | Decrease likelihood of successful privilege escalation attack. |
| Mobile | T1413 | Access Sensitive Data in Device Logs | |
| Mobile | T1427 | Attack PC via USB Connection | |
| Mobile | T1412 | Capture SMS Messages | |
| Mobile | T1577 | Compromise Application Executable | Security updates frequently contain patches to vulnerabilities. |
| Mobile | T1408 | Disguise Root/Jailbreak Indicators | |
| Mobile | T1456 | Drive-by Compromise | |
| Mobile | T1404 | Exploit OS Vulnerability | |
| Mobile | T1405 | Exploit TEE Vulnerability | |
| Mobile | T1458 | Exploit via Charging Station or PC | |
| Mobile | T1477 | Exploit via Radio Interfaces | |
| Mobile | T1579 | Keychain | Apple regularly provides security updates for known OS vulnerabilities. |
| Mobile | T1461 | Lockscreen Bypass | |
| Mobile | T1403 | Modify Cached Executable Code | |
| Mobile | T1398 | Modify OS Kernel or Boot Partition | |
| Mobile | T1400 | Modify System Partition | |
| Mobile | T1399 | Modify Trusted Execution Environment | |
| Mobile | T1410 | Network Traffic Capture or Redirection | |
| Mobile | T1576 | Uninstall Malicious Application | Security updates typically provide patches for vulnerabilities that enable device rooting. |