Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Software With The Most Vulnerabilities

John Mcgregor said:
I'm talking about the phones if you haven't deduced yet.
Click to expand...

That's nice being that the article wasn't about phone OS's. I do agree that the people have spoken and they by and large have chosen Android for whatever reason. Please go into a high end and profits rant now.
 
iOS and OS X have been at the top of the list for a while.
No surprises. I regularly look at this sort of stuff and have posted similar reports before.
 
That sentence makes zero sense...
What's the "rate of infection" for ANY consumer device? That data is not really known, so it has no meaning...

The findings are the finding, you can't dress them up or spin them. It's not data from another vendor bashing someone else. It's multiple independent sources reporting what is what - like it or not.
 
Last edited:
  • Like
Reactions: khha4113 and jamezr
AFEPPL said:
iOS and OS X have been at the top of the list for a while.
No surprises. I regularly look at this sort of stuff and have posted similar reports before.
Click to expand...

It depends on how you count. I'll take the Apple vulnerability list over the Windows ecosystem vulnerability list any day of the week.

Windows vulnerabilities are regularly along the lines of

"A remote, unauthenticated attacker can take full control of your system"

vs. the Mac "vulnerability" typically (not always, there are exceptions, but they are rare) requiring user interaction in order to run.

They may both be vulnerabilities, but the windows threat level is generally far, far higher - so simply counting vulnerability numbers and claiming "mac has more, it is less secure" is complete bollocks.

I do enterprise security for a living...
[doublepost=1455722243][/doublepost]
mi7chy said:
Doesn't matter. Surface Phone is going to be part of that 90%.
Click to expand...

A very, very small and insignificant part...
 
  • Like
Reactions: willmtaylor and AustinIllini
AFEPPL said:
That sentence make zero sense...
What's the "rate of infection" for ANY consumer device? That data is not really known, so it has no meaning...

The findings are the finding, you can't dress them up or spin them. It's not data from another vendor bashing someone else. It's multiple independent sources reporting what is what - like it or not.
Click to expand...
Well, to be fair, the exploits themselves are certainly one statistic, but the rate at which they actually get exploited (in real life) is another statistic which is quite relevant and meaningful as well.
 
  • Like
Reactions: Zirel
C DM said:
Well, to be fair, the exploits themselves are certainly one statistic, but the rate at which they actually get exploited (in real life) is another statistic which is quite relevant and meaningful as well.
Click to expand...

My point was we don't know that statistic, so it's not something we can actually compare with any meaningful accuracy.
 
AFEPPL said:
My point was we don't know that statistic, so it's not something we can actually compare with any meaningful accuracy.
Click to expand...

Sure it is, but it's only part of the picture. I know know that the kernel I use has a bunch of exploits though I don't know which kernel but I can keep this news on the Arch and Linux forums so that they know I'm actually paying attention. The goal is zero exploits and until that number is zero there is something to work on.
 
Last edited:
Some wacky logic in that thread around adding up the versions... most of the windows ones are IE related which is across all those platforms, so you cant count one bug 6 times, hence why the windows number is actually in real terms lower than OS X.
 
C DM said:
Well, to be fair, the exploits themselves are certainly one statistic, but the rate at which they actually get exploited (in real life) is another statistic which is quite relevant and meaningful as well.
Click to expand...
That is exactly the point; and more so than the aggregate number on a platform. Heart bleed anyone? Zero day Windows?
 
Unfortunately the reality is the reality,
iOS and OS X have huge issues with vulnerabilities, thats the statistic by the people that look at the software stack.....
 
Sevanw said:
Not sure if this was ever posted, but a very interesting read. It shows Windows and Android with less vulnerabilities than iOS and Mac OSX in 2015.

http://venturebeat.com/2015/12/31/s...lnerabilities-in-2015-mac-os-x-ios-and-flash/
Click to expand...

Because Apple makes public every vulnerability found and fixed, while Microsoft doesn't.

Also, Android phones aren't Android alone, are Linux + Android + Google Apps, at least, and mostly have + OEM Apps + Carrier Apps. All summed, may be compared to an iOS installation.
[doublepost=1455820108][/doublepost]
AFEPPL said:
Unfortunately the reality is the reality,
iOS and OS X have huge issues with vulnerabilities, thats the statistic by the people that look at the software stack.....
Click to expand...

No, they don't. (see, I can also make vague and unfounded statements).
 
Zirel said:
Because Apple makes public every vulnerability found and fixed, while Microsoft doesn't.

Also, Android phones aren't Android alone, are Linux + Android + Google Apps, at least, and mostly have + OEM Apps + Carrier Apps. All summed, may be compared to an iOS installation.
[doublepost=1455820108][/doublepost]

No, they don't. (see, I can also make vague and unfounded statements).
Click to expand...
They make public every vulnerability they fix not all that are found.
 
Zirel said:
No, they don't. (see, I can also make vague and unfounded statements).
Click to expand...

Let me guess, it's either a conspiracy against apple or click bait?
The facts are clear and independent, the iOS and OS X software stacks DO have more vulnerabilities - PERIOD.

Nothing vague and unfounded about it at all. The data is fully documented and publicly reported by multiple sources.
 
AFEPPL said:
Let me guess, it's either a conspiracy against apple or click bait?
The facts are clear and independent, the iOS and OS X software stacks DO have more vulnerabilities - PERIOD.

Nothing vague and unfounded about it at all. The data is fully documented and publicly reported by multiple sources.
Click to expand...

Whatever makes you happy.

Whenever someone gets their Windows files cryptolocked or their Android had a malicious app that took a photo, and now wants money for it, you are going to say that OS X and iOS are way worse.

Nobody credible in the security and privacy scene supports your view. Nobody!
 
  • Like
Reactions: willmtaylor and throAU
Apart from all the independent companies that make it their business..? So pretty much everyone then?
All the issues have a CVE number!! so you could double-check the claims say with http://www.cvedetails.com

And they give you a clear and accurate picture of where the data is obtained from...
"CVE vulnerability data are taken from National Vulnerability Database (NVD) xml feeds provided by National Institue of Standards and Technology." So you could also goto NIST directly if you wish..
 
AFEPPL said:
Some wacky logic in that thread around adding up the versions... most of the windows ones are IE related which is across all those platforms, so you cant count one bug 6 times, hence why the windows number is actually in real terms lower than OS X.
Click to expand...
Similarly, a significant number of the vulnerabilities reported for iOS and OS X are the same. A strong argument could be made that iOS and OS X should be counted together.
The reality, though, is that reporting patched vulnerabilities is pretty much irrelevant to anything. By this list, a severely exposed operating system with no patches whatsoever would appear more secure than anything else on the list.
 
Zirel said:
Whatever makes you happy.

Whenever someone gets their Windows files cryptolocked or their Android had a malicious app that took a photo, and now wants money for it, you are going to say that OS X and iOS are way worse.

Nobody credible in the security and privacy scene supports your view. Nobody!
Click to expand...
The metric by itself means nothing and has to be tempered with the severity and likelihood of infection. For example, how many ios devices were actually compromised by the various vulnerabilities against for example NIMDA or Code red.
 
  • Like
Reactions: willmtaylor and throAU
AFEPPL said:
Apart from all the independent companies that make it their business..? So pretty much everyone then?
All the issues have a CVE number!! so you could double-check the claims say with http://www.cvedetails.com

And they give you a clear and accurate picture of where the data is obtained from...
"CVE vulnerability data are taken from National Vulnerability Database (NVD) xml feeds provided by National Institue of Standards and Technology." So you could also goto NIST directly if you wish..
Click to expand...

Yep, those who depende on scare tactics to sell their products will market this as much as they can.

Good assessment!
[doublepost=1455849674][/doublepost]
chrfr said:
Similarly, a significant number of the vulnerabilities reported for iOS and OS X are the same. A strong argument could be made that iOS and OS X should be counted together.
The reality, though, is that reporting patched vulnerabilities is pretty much irrelevant to anything. By this list, a severely exposed operating system with no patches whatsoever would appear more secure than anything else on the list.
Click to expand...

Exactly.

I would challenge anyone to point to me a vulnerability on that magic website were iOS 9.2.1 is affected, or OS X 10.11.3.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back