Secunia: Apple software has the most vulnerabilities

By on July 23, 2010, 10:53 AM
Apple computers have generally been regarded as being 'secure' against major viruses and hacking efforts in the past. In part, that could be attributed to the fact that their Mac OS X install base isn't as enticing to malware coders as Microsoft's Windows. But with the rise of Mac market share and the growing popularity of Apple's mobile platforms, it seems very likely that the company's products will become major malware targets in the future.

Just yesterday a report from security software provider Secunia rated Apple as the company with the most security vulnerabilities in its software, surpassing Oracle and even Microsoft. Secunia did clarify, however, that the report is not an indication of individual vendors' security but rather a view of the industry as a whole. Things like the level of severity or how fast a flaw gets patched didn't play a role in the ranking, which means that software from a company with more vulnerabilities is not necessarily less secure. Some highlights from the report:

  • On average, 10 vendors are responsible for 38% of the vulnerabilities per year. Among those companies are Apple, Oracle, Microsoft, HP, Adobe, IBM, VMware, Cisco, Google, and Mozilla.
  • From 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and the number is expected to almost double again in 2010 to 760, based on data from the first six months.
  • A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 third-party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

Secunia's Half Year Report 2010 (PDF) also indicated that since 2005, there has been no significant upward or downward trend in the total number of vulnerabilities in the more than 29,000 products monitored by Secunia.





User Comments: 17

Zilpha Zilpha said:

I think arrogance comes into play somewhat on Apple's part. Steve Jobs really has a superiority complex and I wouldn't be surprised if they don't devote a whole lot of resources to testing for these vulnerabilities.

It will be interesting to see how the next few years unfold, since Apple has "surpassed Microsoft as the most valuable Tech company" - let's see what happens when all those hackers start going in a new direction: toward Apple.

Guest said:

It doesn't matter the platform, it's the ***** user that doesn't know how to update their software, clicks on every link that is on a website or e-mail, ...

Zilpha Zilpha said:

Guest - you know that's not always the case. I'm working with a client right now who was fully patched to SP3, had Avast Pro fully updated and running, Windows Firewall active, and she uses Firefox browser and still managed to somehow get infected with some malware.

Just saying that the "user is invariably an *****" is a rather close-minded way to view the problem. This is everyone's problem.

Burty117 Burty117, TechSpot Chancellor, said:

Zilpha and Guest, you're kinda both right. Yes, the user was smart enough to update their software but obviously accesses websites that are not secure or clicked on an email the user didn't trust.

A company can only protect its products and customers to a certain extent but if a user refuses to learn about computer security (apple fanboys) then they are going to get a virus.

Vrmithrax Vrmithrax, TechSpot Paladin, said:

Wait for it... Wait for it... BWAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHA

And Apple's smug "we're more secure" mantra gets demolished. I really shouldn't be this pleased, but with Apple and Jobs' recent attitudes and behaviors, I can't help but relish when reality bitchslaps them.

maestromasada said:

It doesn't really matter what the user does, the OS is always at fault. Logging as a user (of course, never as an admin like we all do with our boxes) a virus/malware/such should never take any files on the computer at all, it is just how the OS has been designed, and so far, hate saying that, MacOS has a much better/robust design than M$, don't you think???

kyosuke said:

ha first Apple hacking is beyond easy to the point that it has no interest in the world (so I am told)

Second, I'm sure if you ever got a virus on a Mac (which I've gotten from Tekserve's website a few times) Steve Jobs would just blame us saying it is our fault that we were hacked.

Also there are a wide range of iPhone, iPad, and iPod touch viruses openly known that have yet to be fixed

Don't get viruses get Apple but get Microsoft if you really want to have a chance to protect yourself

dummybait said:

PEBKAC.... enough said...

kyosuke said:

tekserve*

yourself*

jobeard jobeard, TS Ambassador, said:

Guest - you know that's not always the case. I'm working with a client right now who was fully patched to SP3, had Avast Pro fully updated and running, Windows Firewall active, and she uses Firefox browser and still managed to somehow get infected with some malware.

Just saying that the "user is invariably an *****" is a rather close-minded way to view the problem. This is everyone's problem.

lol; bet she's running a browser from the Admin Id; q.e.d.: sadly there's no one providing guidance to new users

jobeard jobeard, TS Ambassador, said:

It doesn't matter the platform, it's the ***** user that doesn't know how to update their software, clicks on every link that is on a website or e-mail, ...

T.S. is 99.9% PC users so someone will always bash the other platforms :grin:

jink said:

Narrow Views

This makes total sense as Apple/Apple users are typically less insecure with less they feel the need to hide (other than trade secrets that is) and, as a result, more open creatively.

Therefore, from a "SECURITY! SECURITY!" perspective, they would show as more vulnerable.

When we choose safety, we reinforce fear - and fear is the mind-killer. Hence why Apple is the mover and shaker in the marketplace at the moment and Microsoft is struggling so. Positive change can only happen when we are open (vulnerable).

Microsoft has been in "lockdown" mode for years now while Apple has been the innovator.

Zilpha Zilpha said:

lol; bet she's running a browser from the Admin Id; q.e.d.: sadly there's no one providing guidance to new users

I don't really know what thought you are trying to express here, but we traced the problem to apparently something on Facebook that she clicked. Unfortunately, she works for a town that has voted to create a Facebook page in order to become closer to the community, and she doesn't have a choice but to use the social networking site.

Whether she was running under an account with administrative privileges or not, the fact still remains that this one managed to slip through the "More Secure" Firefox and also hid itself from Avast's resident scanner. In this instance and in a lot of others, users really do have good intentions. It's a VERY poor customer service attitude to take the position that the user is invariably an *****, and I can't imagine that it would attract much business.

It's not like it was 10 or so years ago when this was still in its infancy - virus writers and hackers are getting smarter and as a result, the malicious software is also getting smarter. Some of this stuff is downright brilliant.

tengeta tengeta said:

I'd assume Apple devices have become the largest target, you can hack a ton of Windows PCs and use them as a botnet, but if you hack 20 iPhones you probably end up with at least 10 people's financial information which is worth a lot to amateur hackers.

jobeard jobeard, TS Ambassador, said:

I don't really know what thought you are trying to express here,
ok,

the fact still remains that this one managed to slip through the "More Secure" Firefox and also hid itself from Avast's resident scanner.
And that's because there is and never will be a silver bullet in A/V technology - - can't be - - viruses written today will not have an A/V signature or remove technique for several days.

more plainly: Users accessing the internet while logged on an Admin account have a death wish. That account has rights to everything and with the wrong things being accessed, it is trivial to infect the whole system. Users using an LUA or UAC account have 99.9% less chance of being infected.

Clear?

Archean Archean, TechSpot Paladin, said:

using an LUA or UAC account have 99.9% less chance of being infected.

That is one brilliant piece of advice one can give, using this basic precaution not only reduces your chance of getting infected with anything, but also another aspect is ordinary users installing everything or anything they like, without bothering to see whether it is from a reliable source or not, whether they need it or not, which can cause lots of instabilities and security issues, obviously.

Darth Shiv Darth Shiv said:

Guest said:

It doesn't matter the platform, it's the ***** user that doesn't know how to update their software, clicks on every link that is on a website or e-mail, ...

Well considering there will *never* be a shortage of ******, I think a foolproof OS is more likely scenario (remote but more possible granted)...
