| Attack Vector by Distribution Vector | Stolen/Purchased Certificate | Pre-signature Insertion | Default Password Exploit | Account Access | Self-signed/Unsigned | Broken Signature System | Unknown, Other, or N/A |
|---|---|---|---|---|---|---|---|
| Typosquatting | 0 | 0 | 0 | 1 | 8 | 0 | 0 |
| Hijacked Updates | 13 | 1 | 0 | 9 | 3 | 2 | 7 |
| Proprietary Application Store | 0 | 3 | 0 | 2 | 17 | 1 | 2 |
| Third-Party Application Store | 1 | 1 | 0 | 0 | 6 | 2 | 0 |
| Open-Source Dependency | 0 | 1 | 0 | 6 | 9 | 0 | 6 |
| Worm Component | 1 | 0 | 0 | 2 | 0 | 1 | 2 |
| Hardware Component | 1 | 0 | 0 | 1 | 0 | 1 | 1 |
| Direct Download | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
| Phishing | 0 | 0 | 0 | 2 | 2 | 0 | 2 |
| Development Software | 1 | 5 | 0 | 0 | 2 | 0 | 2 |
| Supply Chain Service Provider | 5 | 1 | 7 | 7 | 2 | 10 | 23 |
| Unknown, N/A, or Other | 1 | 0 | 0 | 1 | 0 | 0 | 3 |
