Connect with us

Hi, what are you looking for?



Mac OS X, iOS Registered Most Disclosed Vulnerabilities in 2015

Apple’s desktop and mobile operating systems are at the top of the list when it comes to the number of distinct vulnerabilities that have been publicly disclosed in 2015, data from vulnerability aggregator CVE Details shows.

Apple’s desktop and mobile operating systems are at the top of the list when it comes to the number of distinct vulnerabilities that have been publicly disclosed in 2015, data from vulnerability aggregator CVE Details shows.

The security vulnerabilities data source keeps track of publicly known information security vulnerabilities and exposures, which is already implied in the Common Vulnerabilities and Exposures (CVE) system’s name. The website aggregates and organizes information received from the National Vulnerability Database (NVD).

According to the data, Apple’s Mac OS X has climbed to the leading position in terms of disclosed vulnerabilities, with 384 security flaws, followed closely by iOS with 375 security issues. Other products from the company had tens or hundreds of flaws that were publicly disclosed in 2015, which landed the company as the top vendor by number of distinct vulnerabilities.

Although exploit kits preying on zero-day or recently patched vulnerabilities in Adobe’s Flash Player made several headlines last year, the popular plugin has seen only 314 publicly disclosed distinct vulnerabilities, which pushed it to the third position on the aforementioned list. Adobe’s AIR SDK and Adobe AIR ended the year on the fourth and fifth positions, respectively, with 246 vulnerabilities (the same as AIR SDK & Compiler, placed sixth).

Popular browsers such as Internet Explorer, Chrome, and Firefox gathered 231, 187, and 178 vulnerabilities respectively, and were placed seventh, eighth, and ninth. Microsoft’s Windows Server 2012 operating system rounds the top 10 software on the list, with 155 publicly disclosed vulnerabilities.

Although Adobe’s products grabbed the third to sixth positions on the list, Microsoft landed on the second place on the list of vendors with the highest number of distinct vulnerabilities disclosed in 2015, with 57. Cisco came in third with 488 vulnerabilities, followed by Oracle with 479, and Adobe only on the fifth position, with 460 vulnerabilities. Google, IBM, Mozilla, Canonical, and Novell round the top 10, with 323, 312, 188, 153, and 143 vulnerabilities, respectively.

Historically, Microsoft has been the vendor to occupy the top position on the list, being present on the first place each year between 1999 and 2010. Since then, Google was the leader in 2011 with 295 security flaws, Oracle in 2012 and 2013, with 380 and 496 bugs, respectively, and IBM in 2014, with 455 vulnerabilities.

Advertisement. Scroll to continue reading.

While it has been a while since the Cupertino, California tech giant took the top spot on the list, Apple’s Mac OS made it to the top in 2006 with 106 issues, and in 2008 with 96 flaws. Google Chrome topped the charts between 2010 and 2012, with 152, 266, and 249 bugs, respectively, while Internet Explorer did the same in 2002, 2004, and 2014, with 54, 59, and 243 flaws, respectively. The Linux Kernel, Mozilla Firefox, PHP, RedHat Linux, Solaris OS, and Windows NT also reached the top in the past 15 years.

In August, Apple patched multiple vulnerabilities in products such as OS X, iOS, Safari and OS X Server, including a local privilege escalation zero-day that was disclosed by German researcher Stefan Esser in July. The previous month, researchers from Indiana University, Peking University, and Georgia Institute of Technology revealed that cross-app resource access (XARA) attacks are possible on Apple’s operating systems and that malicious apps can steal passwords from other programs.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...


Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.