With the recent increase in sales of all things Apple, its once strong perception of being very secure is losing steam, especially thanks to the sale over notebooks and iPhones. In a recent report from GFI, both OS X and iOS are the leaders for vulnerabilities. Surprisingly all Windows distributions come in with less than Linux. OS X leads the board with whooping 147 vulnerabilities, of which 64 are labeled as “High Risk”. iOS comes in second, with 127 total, and 32 “High Risk”. Unexpectedly Linux comes in third with 119 total, and 24 “High Risk”. We can see the final results in the table below.
In 2014 alone, GFI reported a total of 7,038 new security vulnerabilities, up greatly from 4,794 in 2013. 294, or 24 percent, of the 7,038 new vulnerabilities came in as “High Risk”
GFI’s Christian Florian had the following to say in regards to Linux’s surprising place:
“2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems.”
Specific examples as reported he listed were:
“Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.”
To clarify, all versions of OS X (Lion, Mountain Lion, Mavericks, Yosemite, etc.) were tested together, yet all major Windows versions got their own testing. THis could be due to duplication among all the versions of Windows, which leads to the very close results for each version. Had this been done with OS X, we could have a better reference between competing versions of OS X and Windows.
Despite the individual results for iOS, we do not have any individual test for Android, which has become a very popular target recently. This could be due to Android being included with the Linux OS’ and could be a leading source for the Linux OS.
Digging deeper into the world of the vulnerabilities we see individual testing for various applications, such as web browsers, plugins, and other run-times. Not so surprisingly here we see Internet Explorer leading the board with a generous 242 vulnerabilities, which almost doubles the next closest entry, Google Chrome. Only making matters worse for Internet Explorer is that 220, 91 percent, are “High Risk”. Usually leader, Adobe Flash Player came in “only” fourth place with 76 vulnerabilities, but had a very high percentage of “High Risk”. Oddly we do not sure Safari by Apple included in these tests.
Your safest bet to avoid falling prey to any of these vulnerabilities, as suggested by GFI, is keeping browsers, Java, your OS, and any other run-times used up to date. With Adobe products being often used, they suggest ditching these products all together.