According to CVE Details, the operating system with the largest number of vulnerabilities was Google Android, far ahead of last year’s leader Apple Mac OS X and numerous versions of Linux, and leaving the Microsoft Windows family far behind.
The operating system is the software on which the other applications installed on a computer run, which makes it the most important of the programs.
Android has become the leader of the “holey” statistics.
According to the CVE Details database, which tracks and catalogues security vulnerabilities caused by code errors in various software products, the Microsoft Windows family last year demonstrated the lowest level of vulnerability among operating systems. Ahead of it came Apple Mac OS X, numerous versions of Linux and the “leader” in the number of vulnerabilities discovered, Google Android.
According to last year’s CVE Details statistics, Apple Mac OS X (444 vulnerabilities) and iOS (387) were among the “leaders” by number of detected bugs. In 2016, these operating systems moved to 11th and 15th place in the ranking of the top 50 most vulnerable software products, with 215 and 161 identified vulnerabilities, respectively.
Google Android, the most “holey” OS of 2016, by contrast had only 125 reported vulnerabilities in 2015, so its sad figure grew more than fourfold in just one year.
Last year, the vulnerabilities found in Android were most often related to privilege escalation (39.8%) and denial of service (25%). It is also important to note that among the 523 errors found, 254 had a CVSS (Common Vulnerability Scoring System) score of 9 or higher, which in practice means such bugs are highly dangerous.
The top three “absolute leaders” of 2016 by number of vulnerabilities also included Debian Linux and Ubuntu Linux, with 319 and 278 bugs detected, respectively. Fourth place went to the multimedia player Adobe Flash Player with 266 bugs, although in 2015 it ranked higher, in third place, with 329 vulnerabilities.
By contrast, the Windows family of operating systems, the one most often criticized for its bugs, finished this year far from the “prize” places. Windows 10 “scored” 172 flaws, Windows 8.1 had 154, and Windows 7 and Windows Vista had 134 and 125 detected vulnerabilities, respectively.
Among the server versions, the most vulnerable (16th in the ranking) was Windows Server 2012 with 156 bugs, while Windows Server 2008 ranked 22nd with 133 vulnerabilities.
Among browsers, the CVE Details statistics for 2016 showed Google Chrome to be the most vulnerable, with 172 bugs. It is followed closely by Microsoft Edge (135), then Mozilla Firefox (133), Microsoft Internet Explorer (129) and, at the end of the list in 44th position, Apple Safari (56).
The Microsoft Office suite ranked last but one, 49th in the ranking, with 48 vulnerabilities discovered in 2016.
Broken down by company, the CVE Details statistics for 2016 were topped by Adobe, with a total of 1383 bugs across all of the company’s products mentioned in the rating (Flash Player, Acrobat Reader, and Acrobat versions). Second place went to Microsoft with 1325 bugs, Google took third place (695 errors), and Apple (611) and Red Hat (596) took fourth and fifth.
The CVE Details database counts a software vulnerability only if it was officially registered in the Common Vulnerabilities and Exposures (CVE) database of MITRE, a non-governmental, non-profit organization from the United States that manages federally funded research supported by the Department of Defense, the Federal Aviation Administration, the Department of National Safety and the National Institute of Standards and Technology.
Independent analysts separately emphasize that, intriguing as the CVE Details figures are, they should be read in their proper context. By assigning a unique identifier to each vulnerability in a particular software product, CVE gives users a way to make sure that the software eventually received an adequate update and protection against the identified vulnerabilities.
However, CVE counts are entirely irrelevant to any product safety rating. To borrow an analogy from medicine, the number of visits to the clinic says nothing at all about the patient’s health rating.
Not all CVE entries are equal in the degree of danger of the vulnerabilities they describe. Moreover, many software manufacturers release product updates without assigning CVE numbers to them.