samedi 2 janvier 2016

Windows doesn't top the vulnerability list for 2015, but Microsoft as a whole does

What the FREAK? Huge SSL security flaw stems US government backdoor

Software vulnerabilities are a daily event it seems, but some systems just have more of them. When we think of this a couple of names usually spring to mind -- Flash and Java. However, according to the new list being published by CVE Details, they aren't quite at the top, nor is Microsoft's oft-maligned operating system.

Basing its numbers on "distinct" vulnerabilities, the security firm has released its top 50 naughty list of 2015. Leading the way was, in fact, Apple, which claimed the top two spots -- Mac OS X with a number of 384 vulnerabilities, closely followed by iPhone OS (or iOS as most people like to call it) with 375.

Take heart though, as Flash finished a (dis)respectful third with 314 vulnerabilities . Actually Adobe occupies places three through six, as Air didn't fare much better than Flash. Java landed much further down the list with JRE and JDK in 29th and 30th place respectively.

As for Microsoft, the company didn't do terribly. Internet Explorer was the most vulnerable browser, but Chrome and Firefox were on its heels. Windows 8.1 came in 12th with 151 vulnerabilities, while Windows 7 claimed the 14th spot with 147.

Other notable products on the list include Android, Acrobat, Safari, Windows Server, E-Business Suite, Debian Linux and more. Even Windows Vista and Server 2003 managed to crack the top 50 which is bad news for those poor souls still using them.

In many cases versions are not specified. OS X, for instance, doesn't specify a particular flavor while Windows is divided up into different versions. Overall Microsoft still holds the top spot with the most vulnerabilities in total, followed by Adobe in second. It's just a matter of division. Adobe Flash is not broken up into versions, nor are the browsers, so take all of this with a grain of salt. Remember these are only publicly reported flaws.

It's also important to understand that it's not purely the number of vulnerabilities that matter, but also the severity of them.

You can review the whole list at CVE Details, results may be surprising and scary.

Photo credit: wk1003mike / Shutterstock



Aucun commentaire:

Enregistrer un commentaire