Security

Which Software Had The Most Vulnerabilities In 2015? (Hint: It's Not Windows)

You’d think a Microsoft operating system or the notorious Adobe Flash would top a list of software with the most vulnerabilities last year. But according to security firm CVE Details, they didn’t nab first place on its annual software security bugs list. Apple’s Mac OS X took the top spot with 384 distinct vulnerabilities, but this doesn’t mean that Microsoft and Adobe should be cheering just yet.

Security breach image on Shutterstock

CVE Details released its list of the top 50 software with the most number of distinct vulnerabilities in 2015 and Mac OS X and iOS ended up taking first and second place. Adobe Flash Player came in third. Here’s a breakdown of the top 20 list:

Rank Destination # of vulnerabilities Rank Destination # of vulnerabilities
1 Mac OS X (Apple) 384 11 Ubuntu Linux (Canonical) 152
2 iPhone OS (Apple) 375 12 Windows 8.1 (Microsoft) 151
3 Flash Player (Adobe) 314 13 Windows Server 2008 (Microsoft) 149
4 Air SDK (Adobe) 246 14 Windows 7 (Microsoft) 147
5 AIR (Adobe) 246 15 Windows 8 (Microsoft) 146
6 Air SDK & Compiler (Adobe) 246 16 Window RT 8.1 (Microsoft) 139
7 Internet Explorer (Microsoft) 231 17 Windows RT (Microsoft) 138
8 Chrome (Google) 187 18 Windows Vista (Microsoft) 135
9 Firefox (Mozilla) 178 19 Safari (Apple) 135
10 Windows Server 2012 (Microsoft) 155 20 Android 130

As you can see here, while Mac OS X did come in at first place, bear in mind the operating system has been in existence since 2001 and Apple releases major updates regularly. Each update has not been split out by CVE Details and the same goes with iOS which is now up to version 9.

Windows operating systems, however, are broken out individually by the security firm. Collectively as a family, Windows OS blitzes Mac OS X in terms of number of vulnerabilities. As a side note, while Windows 10 appears further down on the list at 35th spot, the operating system was only released a few months ago and has already garnered 53 security bugs.

Also, considering Adobe applications dominated the list from 3rd to 6th place it actually fared quite poorly. CVE Details did consolidate the 2015 results by vendor in a separate graph:

Yes, the absolutely accuracy of these kinds of vulnerabilities lists do need to be scrutinised and questioned but they do provide an indication of what kinds of software attackers are targeting. Ubuntu Linux deserves a noteworthy mention here. You could say it’s bad that it appeared on the top 20 list but it could also be interpreted as an indication that Linux-based open source operating systems are becoming more popular; encouraging news for proponents of Linux.


Have you subscribed to Lifehacker Australia's email newsletter? You can also follow us on LinkedIn, Facebook, Twitter and YouTube.

Trending Stories Right Now