You'd think a Microsoft operating system or the notorious Adobe Flash would top a list of software with the most vulnerabilities last year. But according to security firm CVE Details, they didn't nab first place on its annual software security bugs list. Apple's Mac OS X took the top spot with 384 distinct vulnerabilities, but this doesn't mean that Microsoft and Adobe should be cheering just yet.
Security breach image on Shutterstock
CVE Details released its list of the top 50 software with the most number of distinct vulnerabilities in 2015 and Mac OS X and iOS ended up taking first and second place. Adobe Flash Player came in third. Here's a breakdown of the top 20 list:
|Rank||Destination||# of vulnerabilities||Rank||Destination||# of vulnerabilities|
|1||Mac OS X (Apple)||384||11||Ubuntu Linux (Canonical)||152|
|2||iPhone OS (Apple)||375||12||Windows 8.1 (Microsoft)||151|
|3||Flash Player (Adobe)||314||13||Windows Server 2008 (Microsoft)||149|
|4||Air SDK (Adobe)||246||14||Windows 7 (Microsoft)||147|
|5||AIR (Adobe)||246||15||Windows 8 (Microsoft)||146|
|6||Air SDK & Compiler (Adobe)||246||16||Window RT 8.1 (Microsoft)||139|
|7||Internet Explorer (Microsoft)||231||17||Windows RT (Microsoft)||138|
|8||Chrome (Google)||187||18||Windows Vista (Microsoft)||135|
|9||Firefox (Mozilla)||178||19||Safari (Apple)||135|
|10||Windows Server 2012 (Microsoft)||155||20||Android||130|
As you can see here, while Mac OS X did come in at first place, bear in mind the operating system has been in existence since 2001 and Apple releases major updates regularly. Each update has not been split out by CVE Details and the same goes with iOS which is now up to version 9.
Windows operating systems, however, are broken out individually by the security firm. Collectively as a family, Windows OS blitzes Mac OS X in terms of number of vulnerabilities. As a side note, while Windows 10 appears further down on the list at 35th spot, the operating system was only released a few months ago and has already garnered 53 security bugs.
Also, considering Adobe applications dominated the list from 3rd to 6th place it actually fared quite poorly. CVE Details did consolidate the 2015 results by vendor in a separate graph:
Yes, the absolutely accuracy of these kinds of vulnerabilities lists do need to be scrutinised and questioned but they do provide an indication of what kinds of software attackers are targeting. Ubuntu Linux deserves a noteworthy mention here. You could say it's bad that it appeared on the top 20 list but it could also be interpreted as an indication that Linux-based open source operating systems are becoming more popular; encouraging news for proponents of Linux.