An attacker manipulates the codebase provided in a software patch,
						firmware version, or product update to contain malicious code. This results
						in devices, products, or software downloading and executing the attacker's
						code, or the code is introduced when the user upates the BIOS of a device. A
						malicious software update can perform any range of actions, depending on the
						attacker's intent. Of greatest concern are compromised updates that
						introduce logic bombs, deliberately hidden backdoors or rootkits,
						self-modifying code, keyloggers, or other means of gaining direct access to
						an organization's internal network.