Surprise, OS X is the most vulnerable software of 2015 not Adobe Flash

OS X emerges the most vulnerable software of 2015 with iOS coming second most vulnerable, Apple the company with most vulnerabilities

Now that 2015 is behind us we get to look at the most vulnerable software that could put our PC/laptop or smartphone in jeopardy and also leak our personal information. The year had started with the favourite whipping boy of security researchers and cyber security firm, Adobe Flash reporting multiple zero-days and you would you expected it to top the list of most vulnerable software.

Surprisingly according to the study by CVE Details, Flash is ranked third well behind OS X, the Apple’s proprietary operating system. Even more surprising is that Apple’s mobile operating system iteration, iOS ranks second in the most vulnerable software list.

The results are based on various reports by independent security researchers, cyber-security firms, and even the makers of various software themselves have reported security vulnerabilities who asked for a CVE (Common Vulnerabilities and Exposures) identifier in 2015.

The CVE is a centralised identifier for vulnerabilities and security researchers/security firms/app developers use CVE to track security flaws across products and time.

According to CVE Details, a website that manages an inventory of security vulnerabilities based on their CVE identifiers, during 2015, the company that received most new CVE numbers was Apple.  Security researchers discovered 654 security flaws in Apple’s products, 83 more security bugs than the runner-up, Microsoft with a total of 571 vulnerabilities.

The top companies with their vulnerabilities are listed below :

  1. Apple 654 security bugs
  2. Microsoft 571 security bugs
  3. Cisco – 488 security bugs
  4. Oracle – 479 bugs
  5. Adobe – 460 bugs
  6. Google – 323 bugs
  7. IBM – 312 bugs
  8. Mozilla – 188 bugs
  9. Canonical – 153 bugs
  10. Novell – 143 bugs.

Apple with its 654 bugs joined the elite most vulnerable companies list which includes IBM in 2014 with 455 bugs, Oracle in 2013 with 496 bugs, Oracle again in 2012 with 380 bugs, and Google in 2011 with 295 bugs. Microsoft has been the most consistent of them by winning the rotten tomatoes between 1999 and 2010.

OS X the most vulnerable software

The CVE Details throws up some fascinating facts as well. The software which was eulogised as the most secure piece of coding on planet Earth has been found to be most vulnerable this year. Apple’s OS X operating system which powers Macs and Macbooks reported 384 security bugs. Even more surprising is that its mobile phone cousin, iOS which powers the iPhones of the world, came in second with 375 bugs.

As mentioned above, the perennial favourite of security researchers and security firms, Adobe’s Flash Player came in a distant third. Flash was expected to come first by most users especially after the slew of security bugs that spilled out in the open after the Hacking Team data breach. In 2015  Flash ‘only’ had 316 security bugs. Even the other perennial hot favorite, Microsoft’s Internet Explorer came in a distant fifth.

The list of most vulnerable software is given below :

  1. OS X with 384 security bugs
  2. iOS with 375 security bugs
  3. Adobe Flash with 316 security bugs
  4. Adobe AIR 246 security bugs
  5. Internet Explorer with 231 bugs
  6. Google Chrome with 187 bugs
  7. Mozilla Firefox with 178 bugs
  8. Windows Server 2012 with 155 bugs
  9. Ubuntu with 152 bugs,
  10. Windows 8.1 with 151 bugs.

With most companies phasing out the use of Flash in 2016, it might not even figure in the CVE list next year. Same is the case with Internet Explorer and Windows Server 2013/Windows 8.1. Next year will see a rise of new vulnerability giant, the newly released Microsoft’s Windows 10 operating system.

LEAVE A REPLY

Please enter your comment!
Please enter your name here