Topic: Vulnerable software


Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Vulnerable software
« on: Sunday, 03 January, 2016 @ 07:37:34 »
Using data from the US government's National Vulnerability Database, cvedetails.com have produced a list of the software products with the most vulnerabilities in 2015.

Perhaps surprisingly, Apple OS X and iOS had the highest number of declared "distinct" vulnerabilities, followed in third place by Adobe's much criticised Flash Player. Google's Android OS was in 20th position.

The figures might seem a little confusing as OS X isn't listed by version whereas Microsoft Windows is. Apple fanatics can add up all the Windows versions' vulnerabilities and get a total of 1290 compared to 384 for OS X, but bear in mind that some of the same vulnerabilities will be found in each version of Windows, so you'll be counting the same vulnerability multiple times. Figures are here: https://www.cvedetails.com/top-50-products.php?year=2015

Top 25:




Ubuntu Linux (and, likely, variations of Ubuntu) had more vulnerabilities than Windows Vista / 7 / 8 / 8.1 / 10.

Of the browsers, Internet Explorer had the most vulnerabilities, coming in 7th position, followed by Chrome (8th), Firefox (9th) and Safari (18th).

Overall, in 2015 Apple topped the vendors' list with 654 "distinct" vulnerabilities, followed by Microsoft with 571: Top 50 vendors 2015

Or, if you want to put Microsoft top of the list, you could add up all the Microsoft product vulnerabilities and all the Apple product vulnerabilities. That'll give you 1561 for MS and 1147 for Apple.

Then divide those figures by the number of products:
1561 / 13 = average 120.08 vulnerabilities per MS product
1147 /   7 = average 163.86 vulnerabilities per Apple product

Worth bearing in mind that the lists count declared vulnerabilities without taking into account how easily exploitable they were or how quickly they were fixed. Nevertheless, the figures might be a shock to anyone who believes Apple (or Linux) is immune to malware.

Usual rules apply: keep all your software patched with the latest security updates.
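
The double-counting caveat and the per-product averages discussed in the post above, as an added example that is not part of the original post: it sums per-product counts for each vendor and compares them with the vendor's distinct count. The records, identifiers, vendor names and product names are constructed placeholders, not NVD data.

```python
from collections import defaultdict

# Constructed sample: each record maps one vulnerability ID to the
# (vendor, product) pairs it affects. IDs and names are made up for
# illustration and are not real NVD entries.
SAMPLE_RECORDS = {
    "VULN-EXAMPLE-0001": [("vendor_a", "os_v7"), ("vendor_a", "os_v8"),
                          ("vendor_a", "os_v10")],
    "VULN-EXAMPLE-0002": [("vendor_a", "os_v8"), ("vendor_a", "os_v10")],
    "VULN-EXAMPLE-0003": [("vendor_a", "browser")],
    "VULN-EXAMPLE-0004": [("vendor_b", "desktop_os")],
    "VULN-EXAMPLE-0005": [("vendor_b", "desktop_os"), ("vendor_b", "mobile_os")],
    "VULN-EXAMPLE-0006": [("vendor_b", "mobile_os")],
}


def vendor_stats(records):
    """Compare the per-product sum with the distinct count for each vendor."""
    per_product = defaultdict(set)  # (vendor, product) -> vulnerability IDs
    per_vendor = defaultdict(set)   # vendor -> distinct vulnerability IDs
    for vuln_id, affected in records.items():
        for vendor, product in affected:
            per_product[(vendor, product)].add(vuln_id)
            per_vendor[vendor].add(vuln_id)

    stats = {}
    for vendor, distinct_ids in per_vendor.items():
        counts = [len(ids) for (v, _), ids in per_product.items() if v == vendor]
        summed = sum(counts)  # what you get by adding up the product rows
        stats[vendor] = {
            "products": len(counts),
            "summed": summed,
            "distinct": len(distinct_ids),
            "avg_per_product": round(summed / len(counts), 2),
            # entries that the summed figure counts more than once
            "double_counted": summed - len(distinct_ids),
        }
    return stats


if __name__ == "__main__":
    for vendor, row in sorted(vendor_stats(SAMPLE_RECORDS).items()):
        print(vendor, row)
```

In the sample, vendor_a's product rows sum to twice its distinct count because the same entries appear under several OS versions, while vendor_b, with fewer products, shows the higher per-product average.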

Offline TonyD

  • Forum Deity
  • *****
  • Posts: 616
Re: Vulnerable software
« Reply #1 on: Sunday, 03 January, 2016 @ 11:16:38 »
Had a look at the full 50 product list, and XP nowhere to be seen.

This despite all the naysayers and doom mongering of the last 18 months.

So, XP is either the least vulnerable OS, or.....

Offline Maik

  • Administrator
  • Forum Deity
  • *****
  • Posts: 35160
Re: Vulnerable software
« Reply #2 on: Sunday, 03 January, 2016 @ 15:49:19 »
...or unsupported, EOL software such as XP, Windows 95, 3.1... isn't included.

Pretty certain there's more exploits for Android OS than for iOS, if you include old versions of Android which won't get any more security updates. So far as I know, Android 4.3 and earlier are all EOL but still widely used.

Offline TonyD

  • Forum Deity
  • *****
  • Posts: 616
Re: Vulnerable software
« Reply #3 on: Sunday, 03 January, 2016 @ 20:41:20 »
"...or unsupported, EOL software such as XP, Windows 95, 3.1... isn't included."

Good thinking. You're probably right.