Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

OS X as most vulnerable software of 2015!

AFEPPL

AFEPPL

macrumors 68030
Sep 30, 2014
2,644
1,571
England
Seen them all before and I've been saying it for a while, lots of the security reports have been saying the same thing for both OS X and iOS a while. However it will just get dismissed on here as trolling or "click bait", but i think they are very valid claims (and well independently documented) people need to start waking up to it. Far from the nirvana apple would have you believe for sure.
 
  • Like
Reactions: longofest
chrfr

chrfr

macrumors G5
Jul 11, 2009
13,702
7,264
g00dGod said:
According to a report by security firm GFI, Apple's Mac OS X is the most vulnerable operating system, with the iOS platform coming in second.

what the hell Apple?!
Click to expand...
Everything reported in there is patched. It's unrealistic to call Apple the most vulnerable, but that doesn't make good clickbait.
I'm also unconvinced that each version of Windows has its own set of vulnerabilities.
Also, if the two articles are reporting the same data, why does one report that OS X has 147 vulnerabilities while the other article reports 384?
The articles do make good points that it's important to keep your OS and other software updated, regardless of platform.
 
M

Mikael H

macrumors 6502a
Sep 3, 2014
864
539
g00dGod said:
According to a report by security firm GFI, Apple's Mac OS X is the most vulnerable operating system, with the iOS platform coming in second.

what the hell Apple?!

source:
https://www.hackread.com/apples-os-x-most-vulnerable-software-of-2015/
http://www.zdnet.com/article/mac-os-x-is-the-most-vulnerable-os-claims-security-firm/
Click to expand...
I may be a bit slow, but as I understand it, the number of CVEs counted there include vulnerabilities and bugs that have already been fixed? Then you can't really say that OS X is "the most vulnerable OS" without a list of discovered but unfixed issues for all operating systems or software. Any complex program will have bugs. The important questions are whether they can be practically exploited, and whether they are known.
 
  • Like
Reactions: AZhappyjack
AFEPPL

AFEPPL

macrumors 68030
Sep 30, 2014
2,644
1,571
England
The playing field is the same for all, so his point is a valid one be that they are all addressed for the other platforms too.. The data is a direct extract one assumes from places like NVD which provides data in XML format to allow for categorisation by people like CVEdetails.
 
A

aristobrat

macrumors G5
Oct 14, 2005
12,292
1,403
rshrugged said:
The information breakdown as seen by CVE Details -- http://www.cvedetails.com/vulnerabi.../product_id-156/year-2015/Apple-Mac-Os-X.html
Click to expand...
So this is how they list it, which does make Mac OS look pretty bad.

Mac OS X = 384
Windows 8.1 = 151
Windows Server 2008 = 149
Windows 7 = 147
Windows 8 = 146
Windows Vista = 135
Windows 10 = 53

But when you roll-up all of the Windows versions above into one line for Windows (like how all OS X versions are rolled up into one line), it looks like:

Mac OS X = 384
Windows = 781

That looks completely different.

So why do all OS X versions get reported in one line-item, whereas Windows versions get reported separately?
 
  • Like
Reactions: John Mcgregor, AZhappyjack, Ulenspiegel and 2 others
9

997440

Cancelled
Oct 11, 2015
938
664
aristobrat said:
So this is how they list it, which does make Mac OS look pretty bad.

Mac OS X = 384
Windows 8.1 = 151
Windows Server 2008 = 149
Windows 7 = 147
Windows 8 = 146
Windows Vista = 135
Windows 10 = 53

But when you roll-up all of the Windows versions above into one line for Windows (like how all OS X versions are rolled up into one line), it looks like:

Mac OS X = 384
Windows = 781

That looks completely different.

So why do all OS X versions get reported in one line-item, whereas Windows versions get reported separately?
Click to expand...
The hackread story is based upon a study by CVE Details. I haven't read the actual study yet so I don't know the logic of it, or its worth (assuming I can understand it).

Point of information : CVE Details is a repository who organizes and interprets data it receives from National Vulnerability Database (NVD) and elsewhere. NVD interprets and organizes the data it receives, in the form of CVEs, from MITRE.

CVE Details, how does it work? : http://www.cvedetails.com/how-does-it-work.php

NVD FAQs : https://nvd.nist.gov/faq

CVE FAQs : https://cve.mitre.org/about/faqs
 
hwojtek

hwojtek

macrumors 68020
Jan 26, 2008
2,274
1,277
Poznan, Poland
Still, this is at least misleading.
First, because the adoption of current versions (and subsequent updates) in OS X is much faster than in Windows, which means effectively far smaller percentage of users own a vulnerable system.
Second, because this list contains issues from ALL OS X versions.
Third, because OS X includes software that has its issues patched outside of Apple's authority (like PHP for example, which does not exist in a Windows installation at all) and only then patched by Apple.

So in this case it's not comparing apples with apples. And what aristobrat posted above (Mac OS X = 384 vs Windows = 781) is a closest comparison if we stick to CVE Details' logic.
 
  • Like
Reactions: John Mcgregor
A

Altis

macrumors 68040
Sep 10, 2013
3,167
4,898
hwojtek said:
Still, this is at least misleading.
First, because the adoption of current versions (and subsequent updates) in OS X is much faster than in Windows, which means effectively far smaller percentage of users own a vulnerable system.
Second, because this list contains issues from ALL OS X versions.
Third, because OS X includes software that has its issues patched outside of Apple's authority (like PHP for example, which does not exist in a Windows installation at all) and only then patched by Apple.

So in this case it's not comparing apples with apples. And what aristobrat posted above (Mac OS X = 384 vs Windows = 781) is a closest comparison if we stick to CVE Details' logic.
Click to expand...

And even that logic is broken because the number of versions shouldn't affect the score.

It's only fair to consider the most current release of each operating system, while showing the older releases separately.

Still, makes for some interesting information when you sort out some of that stuff.
 
Ulenspiegel

Ulenspiegel

macrumors 68040
Nov 8, 2014
3,212
2,491
Land of Flanders and Elsewhere
It really makes me smile. "Hackread - Security is a Myth"..... It says a lot like the fact that Hackread is based in Dubai or that Adobe FlashPlayer is more secure than OS X or that interestingly but not surprisingly the most vulnerable systems are both Apple products.
Give me a break.
 
9

997440

Cancelled
Oct 11, 2015
938
664
It appears that both hackread and CVE Details have produced kaka. As far as I know, what hackread is calling a report and a study, by CVE Details, is simply an imperfect list posted without context HERE.

@Mike Boreham - posted a link to a critical, The Register, article --
....However, simply guffawing at Cupertino is problematic for many reasons.

The first is that the CVE Details survey makes no distinction between severity of vulnerabilities in the list. A low-risk vulnerability (for example, something that can only be exploited by an authenticated local user with administrative privilege) is not the same as a remote code execution bug that's easily exploited.....
Click to expand...
http://www.theregister.co.uk/2016/0..._product_in_2015_but_it_doesnt_really_matter/
 
  • Like
Reactions: Ulenspiegel, aristobrat and hwojtek
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom