Windows doesn't top the vulnerability list for 2015, but Microsoft as a whole does

[Batu69]

 

Software vulnerabilities are a daily event it seems, but some systems just have more of them. When we think of this a couple of names usually spring to mind -- Flash and Java. However, according to the new list being published by CVE Details, they aren't quite at the top, nor is Microsoft's oft-maligned operating system.

 

Basing its numbers on "distinct" vulnerabilities, the security firm has released its top 50 naughty list of 2015. Leading the way was, in fact, Apple, which claimed the top two spots -- Mac OS X with a number of 384 vulnerabilities, closely followed by iPhone OS (or iOS as most people like to call it) with 375.

 

Take heart though, as Flash finished a (dis)respectful third with 314 vulnerabilities . Actually Adobe occupies places three through six, as Air didn't fare much better than Flash. Java landed much further down the list with JRE and JDK in 29th and 30th place respectively.

 

As for Microsoft, the company didn't do terribly. Internet Explorer was the most vulnerable browser, but Chrome and Firefox were on its heels. Windows 8.1 came in 12th with 151 vulnerabilities, while Windows 7 claimed the 14th spot with 147.

 

Other notable products on the list include Android, Acrobat, Safari, Windows Server, E-Business Suite, Debian Linux and more. Even Windows Vista and Server 2003 managed to crack the top 50 which is bad news for those poor souls still using them.

 

In many cases versions are not specified. OS X, for instance, doesn't specify a particular flavor while Windows is divided up into different versions. Overall Microsoft still holds the top spot with the most vulnerabilities in total, followed by Adobe in second. It's just a matter of division. Adobe Flash is not broken up into versions, nor are the browsers, so take all of this with a grain of salt. Remember these are only publicly reported flaws.

 

It's also important to understand that it's not purely the number of vulnerabilities that matter, but also the severity of them.

 

You can review the whole list at CVE Details, results may be surprising and scary.

 

Article source

[steven36]

Surprise! Flash Is Not 2015's Most Vulnerable Software

Flash ranks only 3rd in 2015's most vulnerable software list

Now that 2015 has officially ended let's take a retrospective look over what happened during the past year when it comes to critical or highly critical security vulnerabilities.

During the past 365 days, independent security researchers, cyber-security firms, and even the makers of various software themselves have reported security vulnerabilities, and when necessary, have asked for a CVE (Common Vulnerabilities and Exposures) identifier.

These CVE numbers are used to track security flaws across products and time, and if you hang around infosec circles long enough, you understand how crucial they can be to a security researcher's work.

Apple - the company with the most security bugs in 2015

According to CVE Details, a website that manages an inventory of security vulnerabilities based on their CVE identifiers, during 2015, the company for which the most new CVE numbers have been assigned was Apple.

Security researchers discovered 654 security flaws in Apple's products, 83 more security bugs than Microsoft's total of 571 vulnerabilities, the company that came in second.

The rest of the top 10 continues with Cisco - 488 security bugs, Oracle - 479 bugs, Adobe - 460 bugs, Google - 323 bugs, IBM - 312 bugs, Mozilla - 188 bugs, Canonical - 153 bugs, and Novell - 143 bugs.

If you're wondering who received Apple's crown in the past years, IBM got it in 2014 (455 bugs), Oracle in 2013 (496 bugs), Oracle again in 2012 (380 bugs), and Google in 2011 (295 bugs). Between 1999 and 2010, Microsoft "won" the title each year.

OS X - the product with the most security bugs in 2015

As for software products, an Apple product won this title too, with the OS X operating system coming first with 384 security bugs, and iOS coming in second, with 375 bugs.

Third on the list is Adobe's Flash Player, which many security experts expected to come first, especially after the slew of security bugs that spilled out in the open after the Hacking Team data breach. In 2015, Flash had "only" 316 security bugs.

The rest of the top 10 is as follows: Adobe AIR  - 246 security bugs, Internet Explorer - 231 bugs, Google Chrome - 187 bugs, Mozilla Firefox - 178 bugs, Windows Server 2012 - 155 bugs, Ubuntu - 152 bugs, and Windows 8.1 - 151 bugs.

 

In the previous years, the software products that ranked the most vulnerable were: Internet Explorer in 2014 (243 bugs), the Linux Kernel in 2013 (189 bugs), Google Chrome in 2012 (249 bugs), Google Chrome again in 2011 (266 bugs), Google Chrome for the three-peat in 2010 (152 bugs), Mozilla Firefox in 2009 (126 bugs), Mozilla Firefox tied with Apple OS X in 2008 (96 bugs), PHP in 2007 (114 bugs), Apple OS X in 2006 (106 bugs), the Linux Kernel in 2005 (133 bugs), Internet Explorer in 2004 (59 bugs), Solaris OS in 2003 (44 bugs), Internet Explorer in 2002 (54 bugs), RedHat Linux in 2001 (47 bugs), RedHat Linux again in 2000 (47 bugs), and Windows NT in 1999 (64 bugs).

 

As you can see, Flash was never that bad as people thought, but that doesn't mean you still need to use it.

http://news.softpedia.com/news/surprise-flash-is-not-the-most-insecure-software-of-2015-498334.shtml