Apple's OSes Top 'Most Vulnerable' List of 2014
According to a list of OS vulnerabilities, Apple's desktop and mobile platforms fared the worst last year.
In a report by security firm GFI Software, Apple's Mac OS X had 147 vulnerabilities (with 64 labeled as "high vulnerabilities") and iOS had 127 total flaws (32 being "high vulnerabilities"). Both the Apple products claimed the top two spots for most security flaws in 2014.
Just behind Apple's iOS was the Linux Kernel, with 119 vulnerabilities. The open source platform did not perform so well in a year that brought us high-profile security issues like Shellshock and Heartbleed. "2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems," read the report.
While Microsoft's Windows OS escaped landing in the top three spots in terms of flaws, the rest of the top-10 list is made up of the company's offerings, with Windows Server 2008 coming in at No. 4 with 38 vulnerabilities (24 labeled as high). Still, the company's overall vulnerability count was relatively low compared to the bronze-grabbing Linux Kernel and Apple. In fact, despite populating seven of the 10 spots, Microsoft's total number of vulnerabilities was 248 -- 26 less than the total number of vulnerabilities on Apple's mobile and desktop platforms.
Still, OS issues paled in comparison to third-party application vulnerabilities. "Third-party applications are the most important source of vulnerabilities with over 80 percent of the reported vulnerabilities in third-party applications. Operating systems are only responsible for 13 percent of vulnerabilities and hardware devices for 4 percent," according to GFI Software.
Even though it had a strong OS flaw track record, compared to Apple and Linux, Microsoft's Internet Explorer was the most vulnerable application last year, with 242 vulnerabilities (220 of them labeled high). Two other Web browsers came in right behind IE: Google's Chrome came in with124 vulnerabilities and Mozilla Firefox had a total of 117 for last year.
Overall, it was not a good year for found vulnerabilities. GFI Software pointed to the fact that 7,038 issues were added to the National Vulnerability Database (NVD) in 2014, which was quite a jump up from the previous year's 4,794 issues . The only positive takeaway from these numbers were the fact that while the overall quantity increased, the percentage of those rated high was down, year-over-year, to 24 percent.