Apple's OS X and iOS were among the most vulnerable operating systems in 2014

Shawn Knight


The National Vulnerability Database reported an average of 19 vulnerabilities per day in 2014. Although that figure is an average across all areas, it’s still staggering and sobering to realize that 7,038 new security vulnerabilities were added to their database last year (not to mention what could be countless others that went unreported).

GFI Software recently crunched the numbers, separating vulnerabilities by distribution type and coming up with a list of the top operating systems as it relates to reported vulnerabilities. Here’s what they found.

In terms of distribution, a whopping 83 percent of vulnerabilities were found in applications while 13 percent were related to operating systems. The remaining four percent was credited directly to hardware issues.

Looking at operating system vulnerabilities, you may be surprised to learn that Microsoft is no longer among the top three in terms of reported security issues. The number one spot goes to Apple’s Mac OS X with 147 total vulnerabilities reported last year – 64 of which were considered high-level threats.

Second place belonged to another Apple operating system, iOS. Of the 127 reported issues, 32 were considered to be top-priority threats. Rounding out the top three was Linux with 119 reported incidents. Only 24 of them, however, were deemed high-level vulnerabilities.

It’s worth mentioning that the remaining seven operating systems in the top 10 were all Microsoft products. Specifically, Windows Server 2008, Windows 7, Windows Server 2012, Windows 8, Windows 8.1, Windows Vista and Windows RT – in that order. If you were to consolidate all of those into a single "Windows" category, then Microsoft would jump ahead of all others by a sizable margin.

Internet Explorer topped the list of application vulnerabilities followed by Google Chrome and Mozilla Firefox. To see a trio of browsers at the top is no surprise given our heavy reliance on the Internet.


 
Macs don't get viruses. >:-(
Sure they do. It's just never a big deal since the OS X market is substantially smaller than Windows and doesn't exist so much in the enterprise.

In short, OS X is more vulnerable than Windows 8.1, but the user base is just so much smaller that the actual numbers are skewed.
 
Doesn't come as a surprise that Apple OS has become a high risk platform. For too long people have been under the impression that
Macs don't get viruses. >:-(
and people felt safe using them without protection. Whereas Windows has been pushing antivirus, firewalls, malware protection for years and people all know that they need antivirus when buying a Windows PC. However, Apple has the ability to push protection via updates much better than Microsoft; people can still run Windows with the auto updates disabled. For power users, that's great; for the average user, not so smart.
 
GFI Software recently crunched the numbers
- The dumbest and pointless statistics that say precisely nothing. They didn't even bother to identify what versions of OSes were used.
 
*motions hands to indicate pause*

Listen, guys: Macs don't get viruses. Everybody knows this. It's on the Apple forums and at the top of this thread, too. The security in OSX is impenetrable. You can only be infected if you do it yourself because you're incompetent. Ask a Genius, they'll back me up on this. OSX vulnerability is a Microsoft boogeyman invented to sell more copies of Windows to people who don't know any better. This article is clickbait.

Edit: And Steve Jobs isn't dead. He's just semi-retired and had to fake his own death so he could innovate without the distractions of spiteful media and haters. Cook is just a proxy.
 
*motions hands to indicate pause*

Listen, guys: Macs don't get viruses. Everybody knows this. It's on the Apple forums and at the top of this thread, too. The security in OSX is impenetrable. You can only be infected if you do it yourself because you're incompetent. Ask a Genius, they'll back me up on this. OSX vulnerability is a Microsoft boogeyman invented to sell more copies of Windows to people who don't know any better. This article is clickbait.

Edit: And Steve Jobs isn't dead. He's just semi-retired and had to fake his own death so he could innovate without the distractions of spiteful media and haters. Cook is just a proxy.
You are confused and misled by wants and desires. And obviously not even in the slightest bit sure how technology actually works.
 
Sheep think OSX doesn't have viruses = less worries for security = more vulnerable, perfect for hackers. I'd even say that Linux OSes are also very vulnerable since their users also think that Linux is secure.
 
You are confused and misled by wants and desires. And obviously not even in the slightest bit sure how technology actually works.

I am not. I keep my system up to date and use a strong password. You just wish you could afford a Mac.
 
If you actually read the notes from Microsoft's various 2014 Patch Tuesdays, you'd get a real sense about how many vulnerabilities Internet Explorer actually has.

Spoiler: It's a ton.
 
If you actually read the notes from Microsoft's various 2014 Patch Tuesdays, you'd get a real sense about how many vulnerabilities Internet Explorer actually has.

Spoiler: It's a ton.

Are you surprised? IE controls the greatest market share and is often not up to date with the new patches. IE is easy pickings for hackers and malware makers looking to make a quick buck from the less technological among us.
OS vulnerabilities are harder to exploit and require better skills than the average script kiddie but the same statement as above applies to Windows collectively.
 
So hold on... Were all versions of Mac OSX counted as one for this? Ie, Mavericks, Yosemite etc were counted as one but Windows 8 and 8.1 were counted separately ?
 
The number of vulnerabilities discovered in any particular software over an arbitrary period of time is not equivalent to how 'safe' it is to use. GFI are obviously scaremongering to boost their product sales. I'd like to see a comparison of actual exploits discovered - not vulnerabilities (which are just potential exploits) - perhaps weighted by how many users were affected and how quickly/easily the exploits were remedied. This is the only data that is meaningful to the actual security risk.
 
Doesn't come as a surprise that Apple OS has become a high risk platform. For too long people have been under the impression that
Macs don't get viruses. >:-(
and people felt safe using them without protection. Whereas Windows has been pushing antivirus, firewalls, malware protection for years and people all know that they need antivirus when buying a Windows PC. However, Apple has the ability to push protection via updates much better than Microsoft; people can still run Windows with the auto updates disabled. For power users, that's great; for the average user, not so smart.

Sheep think OSX doesn't have viruses = less worries for security = more vulnerable, perfect for hackers. I'd even say that Linux OSes are also very vulnerable since their users also think that Linux is secure.

http://www.cvedetails.com/vulnerabi...6/product_id-26434/Microsoft-Windows-8.1.html

http://www.cvedetails.com/vulnerabi...remin-2/cvssscoremax-2.99/Apple-Mac-Os-X.html

Windows 8.1 has more vulnerabilities than OSX 10.10.

BOOM
 
Software should all be open source and completely auditable in this age.
Companies should be held accountable for any vulnerabilities intentionally left unfixed for months or years at a time (which happens a lot) and for any weaknesses or backdoors explicitly created.
 
For the record, there is no such thing as an impenetrable system. I believe most of these statistics prove my point. Hackers love a challenge. OS X and Linux are considered the most difficult systems to hack. Hence the reason more vulnerabilities were found on Linux and OS X. It's also worth noting that many elite hackers use Linux systems. They are more likely to find vulnerabilities in Linux systems, especially the latest distros. It's also worth pointing out that other operating systems are considered more difficult and less vulnerable because PC programmers/hackers are more familiar with PC programming languages. Jumping from C++ or C# to Objective-C isn't easy and requires a lot of retraining the way your brain processes how you should write code lines. That's actually why Windows PCs are considered more vulnerable: that and the fact that there are more Windows users, and therefore more potential targets. Again, nothing is unhackable. The amount of time + difficulty just increases.
 
I run old OS 10.4, use Norton, Little Snitch, new IP address every time I log in, got one placed in quarantine since about ten years back. It is a flawless system. I do regular clone HD to external on a weekly basis, have faced one HD crash during these years. When I had PC I had problems…
 
You are confused and misled by wants and desires. And obviously not even in the slightest bit sure how technology actually works.

I am not. I keep my system up to date and use a strong password. You just wish you could afford a Mac.

Keeping your system up to date and using a strong password is only making it partially secure. And yes, you can still get infected by virus/worms that use zero day vulnerabilities. Have you thought about that?
 
Have you thought about that?

Have you thought that maybe I've been trolling this thread from the beginning?

Macs don't get viruses. >:-(

*motions hands to indicate pause*

Listen, guys: Macs don't get viruses. Everybody knows this. It's on the Apple forums and at the top of this thread, too. The security in OSX is impenetrable. You can only be infected if you do it yourself because you're incompetent. Ask a Genius, they'll back me up on this. OSX vulnerability is a Microsoft boogeyman invented to sell more copies of Windows to people who don't know any better. This article is clickbait.

Edit: And Steve Jobs isn't dead. He's just semi-retired and had to fake his own death so he could innovate without the distractions of spiteful media and haters. Cook is just a proxy.

I am not. I keep my system up to date and use a strong password. You just wish you could afford a Mac.
 
The bottom line <at this point> is that it still is misleading for OS X. GFI made an addition to the original stuff explaining the Linux stuff, which was a pretty valid explanation. There was some attempt? explanation? for OS X and perhaps iOS by listing Safari. However, without a better explanation of where the vulnerabilities came from it is still far too vague. OS X spans over many different versions. OS X doesn't fit the Linux kernel excuse given in the addendum. Yes, OS X and iOS include Safari, however the 2 versions are not the same; there is no breakdown there.

So I don't doubt the numbers, but whether or not GFI admits to it being intentional or not, it doesn't really matter, they got a boatload of media attention on this, and TS got a lot of page views out of this, so everyone wins.... except the people that are interested in the actual process behind gathering the data.
 
I think you're correct, slightly biased way of reporting the figures.
Biased isn't the word - Microsoft employee or shill! My understanding is iOS and OSX are based on FreeBSD, another Unix clone as is Linux. There is also the apps and the OS itself. How often do you see the "Nix" OS itself hacked compared to the DOS based Microsoft OSes (they all still contain original DOS code).

From a Linux standpoint, I suspect the writer (or whoever did the original study; someone at Microsoft maybe?) counted the same vulnerability multiple times (once for each Linux distro). Also, I would not be surprised that they also counted something like the BASH bug against the OS when it is a scripting application, not part of the OS!
Where was Google Chrome on the list - it is also a Nix-based OS. Vulnerabilities in Androids are due to numerous apps being let through without being thoroughly vetted. Apple runs a tighter ship, it stands to reason, there will be less vulnerabilities due to "bad apps". My wife uses an iPad (started with iOS 6 and now has iOS 8.1.2 installed). Other than updates to the next version, I only recall one or two updates that contained any security fixes. I run Windows 7 on my desktop and it seems like 90% of the weekly (and occasionally, more often) patches are security fixes, not only in IE but also the OS. I also run Linux systems (on old laptops and in VirtualBox). Again, it is rare there is a patch identified as a security fix.

An article like this should be backed up with factual data and what connections the author and also the ties of those doing the study have to various companies such as Microsoft, Apple, Google, etc. BTW, every study I have seen produced (and some by truly independent) companies will vigorously disagree with the above article.
 
I think you're correct, slightly biased way of reporting the figures.
Biased isn't the word - Microsoft employee or shill! My understanding is iOS and OSX are based on FreeBSD, another Unix clone as is Linux. There is also the apps and the OS itself. How often do you see the "Nix" OS itself hacked compared to the DOS based Microsoft OSes (they all still contain original DOS code).

From a Linux standpoint, I suspect the writer (or whoever did the original study; someone at Microsoft maybe?) counted the same vulnerability multiple times (once for each Linux distro). Also, I would not be surprised that they also counted something like the BASH bug against the OS when it is a scripting application, not part of the OS!
Where was Google Chrome on the list - it is also a Nix-based OS. Vulnerabilities in Androids are due to numerous apps being let through without being thoroughly vetted. Apple runs a tighter ship, it stands to reason, there will be less vulnerabilities due to "bad apps". My wife uses an iPad (started with iOS 6 and now has iOS 8.1.2 installed). Other than updates to the next version, I only recall one or two updates that contained any security fixes. I run Windows 7 on my desktop and it seems like 90% of the weekly (and occasionally, more often) patches are security fixes, not only in IE but also the OS. I also run Linux systems (on old laptops and in VirtualBox). Again, it is rare there is a patch identified as a security fix.

An article like this should be backed up with factual data and what connections the author and also the ties of those doing the study have to various companies such as Microsoft, Apple, Google, etc. BTW, every study I have seen produced (and some by truly independent) companies will vigorously disagree with the above article.
Google Chrome OS (not just Google Chrome! That's the browser!) is based on Linux, which is Unix-like, because it uses no actual Unix code but it's really similar to Unix. Linux is safer in my opinion, not only because it's harder to hack (good security built in, file system etc.) but also because everyone can search for vulnerabilities and apply patches that can be used for the main build. Windows and Mac OS both don't have this.
 