In 2015, there was a count done on the amount of Common Vulnerabilities and Exposures (CVEs) dispersed around various platforms, and based on the results, it was proven that Apple Inc. (NASDAQ:AAPL) was noted as the year’s most-consultive operating system. This, in turn, led to further vaunting headlines of the OS X being the most vulnerable of the entire pack.
According to CVE Details, all versions of the Mac OS X had allegedly received 384 CVE advisories in 2015, with iOS having 375 and Flash following up with 314. CVEs from Windows are usually split according to the various platforms, filling most of the positions from 10th to 18th, but in an unfamiliar and almost ironic twist, Internet Explorer which happens to be Redmond’s worst product only came up with 231 CVEs.
Laughing in mockery at Cupertino can prove very troubling for many reasons. One of these being that the CVE Details survey does not differentiate between high and low vulnerability on any of their listings. For instance, a low-risk vulnerability which is anything that can be taken advantage of by a genuine local user with authoritative rights, cannot be the same as a remote code execution bug that can be easily taken advantage of.
The second reason which is applicable to many platforms is that there are many cross-platform security bugs. One of the many examples that can be used is “Libpng” which can be found just about everywhere, from smart watches to browsers. Even though it may have had only four advisories in 2015, it drew patches from a lot of vendors while hopping from platform to platform.
The third reason being that CVE Details look very irresponsible in its issuing of CVE to projects and fourthly, the CVEs only counted reported vulnerabilities and refuse to highlight the ones are hidden by various black hats and security agencies, and nothing good can be derived from transforming the CVEs into a marketing card of sorts.
Excluding the list that is preferred by most outlets, this chart has noted that Adobe and Microsoft had both out-CVEd Apples in vulnerabilities in the category of “vendor” across the Top 50 in CVE Details. That count still proves to be quite troublesome, given details of the summaries in the CVE are limited to the Top 50. In that case, the list is very kind to Cisco because its iOS racked up only 84 vulnerabilities while across all platforms The Borg had their hands full with 488 CVEs.
Cisco should be applauded for this, and not to be portrayed as less secure than its Apple counterpart. Like most of the other majors, it too is working tirelessly to locate and repair its bugs and respond timely to bugs reported to it.
