Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows, OS X, and iOS Top 2015's List of Software With the Most Vulnerabilities (venturebeat.com)

Posted by Soulskill on from the also-top-list-of-most-investigated-for-vulnerabilities dept.

An anonymous reader writes: Which software had the most publicly disclosed vulnerabilities in 2015? According to a site called CVE Details, which organizes data provided by the National Vulnerability Database, Apple's Mac OS X was near the top, with 384 vulnerabilities. iOS followed closely, with 375 vulnerabilities. The list splits out Windows into its separate versions, so it's hard to get an accurate count — simply adding them all together yields a total of over 1,000, but there are likely many duplicates. Other top spots went to Adobe's Flash Player, with 314 vulnerabilities; Adobe's AIR SDK, with 246 vulnerabilities; and Adobe AIR itself, also with 246 vulnerabilities. The four major web browsers also ranked quite highly.

5 of 111 comments (clear)

  1. Android. by Noah+Haders · · Score: 4, Insightful

    I find it hard to believe that iOS would be listed with 375 vulnerabilities, but android would be listed with 130 vulnerabilities. Everybody knows that android is insecure as shizz. Something is fishy here.

    1. Re:Android. by JaredOfEuropa · · Score: 4, Insightful

      Probably depends on what constitutes a "vulnerability". This ranges from the serious "SMS remotely roots your phone without you knowing about it" to the less serious "If you jailbreak your phone and install this dodgy Chinese app, an attacker who gets his hand on your phone may be able to read your last Tweet without having to enter your PIN". Nr/ of vulnerabilities in itself is a crappy measure of security.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    2. Re:Android. by dgatwood · · Score: 4, Insightful

      Many of the security problems with Android are design problems rather than bugs. iOS tends to let the user control app access to shared data, whereas Android tends to put control over access rights in the hands of the developers. Android is getting better at this in recent versions, but there's still a bit of a stigma because of historical problems.

      And as other folks have mentioned, Android's biggest problem is that Google lets hardware developers ship custom versions of the OS in ways that make future updates dependent on the hardware vendor. Companies that make cheap commodity hardware have little incentive to provide those updates, because they are better off selling replacement hardware. As a result, last I checked, a staggering percentage of Android users were running old, unpatched versions of the OS. So Android is insecure because Android *was* insecure when the devices shipped.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  2. Re: Adding together? by Rosyna · · Score: 3, Insightful

    All versions of Mac OS X and iOS are being added together already in the list.

  3. Not bad code, just no updates by Anonymous Coward · · Score: 2, Insightful

    Android isn't insecure because it's full of bugs, it's insecure because out of those 130 vulns discovered, approximately 0 will get patched by the vendors.