Conventional wisdom in years past was that hackers didn’t bother to exploit Apple’s OS X operating system because its relatively insignificant market share didn’t warrant wasting resources to exploit it. The reasoning was, why bother with OS X when Windows was pushing over 90 percent of the worldwide OS market?
However, in recent years, Apple has seen an uptick in Mac sales and pretty much dominates the field when it comes to notebooks priced over $1,000. The higher sales profile for Macs running OS X also means more attention from nefarious parties that are ready to strike. The latest report from GFI shows that both of Apple’s major operating systems sat atop the leaderboard when it came to security vulnerabilities during 2014.
According to GFI, OS X took top honors with 147 vulnerabilities, 64 of which were labeled as “high risk”. iOS took the number two position with 127 vulnerabilities, 32 of which were high risk. Rounding out the top three was the Linux kernel, with 119 total vulnerabilities including 24 high risk.
In total, there were 7,038 new security vulnerabilities reported during 2014 according to GFI, which was a marked increase from 4,794 the previous year. Of those 7,038 vulnerabilities, a total of 24 percent were high risk.
“2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems,” said GFI’s Cristian Florian. “Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.”
OS X Yosemite
We have some questions/reservations about GFI’s numbers, and it relates to how the operating system vulnerabilities are being reported (we’ve reached out to GFI for clarification). First off, it appears that all versions of OS X (Lion, Mountain Lion, Mavericks, Yosemite, etc.) are lumped together under a single “OS X” line entry. However, all major Windows versions (Windows 7, Windows 8, Windows 8.1, Windows Vista, etc.) are given their own separate line entries. It’s possible that this was done because there is a lot of duplication among Windows versions when it comes to vulnerabilities (the number of total, high, medium, and low vulnerabilities among all Windows operating systems is remarkably similar). Regardless, it would be nice to have seen similar metrics used for all operating systems.
On a second note, Android has always been a very popular target for hackers but it’s not specifically called out in this study. Android is likely being lumped in with all Linux kernel operating systems, but again, it would be nice to see some distinctions made here to make a more reasoned comparison between platforms.
When it comes to applications, Microsoft’s Internet Explorer led the list with 242 total vulnerabilities, nearly twice that of the next closest entry, Google Chrome, with 124 total vulnerabilities. The number of high risk vulnerabilities was also troubling for Microsoft, as 220 were reported versus Google Chrome’s 86.
Adobe Flash Player, always a headline maker when it comes to security vulnerabilities, surprisingly came in “only” fourth place (76 total vulnerabilities) behind Mozilla Firefox (117 total vulnerabilities).
In light of all the hoopla surrounding Lenovo and the Superfish adware, we all should remain vigilant when it comes to computer security, regardless of what platform we use. GFI suggests common sense steps to protect yourself including keeping your operating system, Internet browsers, and Java software fully patched. GFI also wisely suggests that Internet users simply ditch Adobe products like Flash Player and Reader altogether to avoid becoming the victim of malicious hackers.