
OS X and iOS Vulnerabilities Top Security Vulnerability Chart, Far Ahead of Windows

Posted on February 25th, 2015 by


Here is some news which will upset the Apple fanboy in all of us.

A new report has found that the number of high severity security vulnerabilities increased in 2014, and the Mac OS X and iOS operating systems dominate the chart, while Windows recedes.

In short: security researchers are saying that Mac OS X is the most vulnerable operating system out there.

In total, 147 vulnerabilities were reported in OS X during 2014, with 64 rated as “high severity.” Those are the most serious vulnerabilities that could be exploited by an attacker remotely. Meanwhile, 67 of the vulnerabilities were given a medium severity.

A combined 127 vulnerabilities were reported for iOS, with 32 of the security flaws rated high severity, and 72 medium.

Steel yourself, and take a quick look at the chart produced by security firm GFI:

[Chart: Operating system vulnerabilities]

The chart doesn’t seem to be entirely fair from my perspective. For instance, each version of Microsoft Windows gets its own entry—but Apple operating systems have their different versions lumped together.

Still, there’s a clear message here that Apple OSes are frequently the subject of serious vulnerability discovery. Something that may be a shock to those who dream that their devices “just work” perfectly.

The Good, The Bad, and The Ugly

If you wanted to try to put a positive spin on things, you might argue that it is good that so many vulnerabilities are being found on Apple operating systems, as that (hopefully) means they are getting patched promptly. And who knows how many more severe vulnerabilities there might be in, say, Windows that as yet lie undiscovered?

You might also convince yourself that it doesn’t matter that much just how many vulnerabilities are found in an operating system, but how actively attackers are attempting to exploit them in order to compromise systems or infect them with malware.

It’s well known, for instance, that the number of new malware variants created for Macs is tiny compared to the onslaught analysed on Windows by anti-virus labs every day.

Not that any of this means that you shouldn’t take security seriously, of course, and this doesn’t negate the importance of applying security updates and running Mac anti-virus software. In an ideal world, these vulnerabilities should have been found and fixed before the software ever shipped out of Cupertino.

Every vulnerability found may be good news (“it’s been found!”), but it’s also a failure of quality control and testing.

Interestingly, things take a less Apple-y turn when you examine not the chart of operating systems with the most vulnerabilities, but the chart of applications with the most reported vulnerabilities.

And what do we find? Microsoft Internet Explorer is riddled with so many security holes that you might as well think of it as the Swiss cheese of web browsers.

[Chart: Application vulnerabilities]

Bet you’re glad that you can’t get Internet Explorer for your Mac any more, aren’t you? 🙂

And it’s no surprise at all to see familiar faces like Adobe Flash and Java taking a prominent position in this list alongside the most popular browsers.

Multi-Layered Approach to Security

In a nutshell, the takeaway from studies like this is not to crow about how much better one operating system might be than another one, but instead to remember that security must be taken seriously whatever flavour of OS you decided to run on your computer.

Basically, keep your security patches up to date or suffer the consequences! This highlights the fact that a multi-layered approach to security is the best method to protect your digital life from the bad guys.

Which is very easy for us to say, but not always easy for the average computer user to do. Because, obviously, there are still many people using older versions of OS X and iOS who might not be able to update their iPhones or iMacs, because their hardware no longer supports the latest and greatest (and safest) version.

Even though Apple has made some things better by making OS updates available for free, I do wish that they made more efforts to support legacy versions of their operating systems with security updates.

It’s more effort for them to do, of course, but surely those users who made a purchase a few years ago deserve to be kept updated against the latest security vulnerabilities as much as those who just bought a shiny new gadget in the Apple Store last weekend?

About Graham Cluley

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security. Follow him on Twitter at @gcluley.