Apple’s desktop and mobile operating systems are at the top of the list when it comes to the number of distinct vulnerabilities that have been publicly disclosed in 2015, data from vulnerability aggregator CVE Details shows.
The security vulnerabilities data source keeps track of publicly known information security vulnerabilities and exposures, which is already implied in the Common Vulnerabilities and Exposures (CVE) system’s name. The website aggregates and organizes information received from the National Vulnerability Database (NVD).
According to the data, Apple’s Mac OS X has climbed to the leading position in terms of disclosed vulnerabilities, with 384 security flaws, followed closely by iOS with 375 security issues. Other products from the company had tens or hundreds of flaws that were publicly disclosed in 2015, which landed the company as the top vendor by number of distinct vulnerabilities.
Although exploit kits preying on zero-day or recently patched vulnerabilities in Adobe’s Flash Player made several headlines last year, the popular plugin has seen only 314 publicly disclosed distinct vulnerabilities, which pushed it to the third position on the aforementioned list. Adobe’s AIR SDK and Adobe AIR ended the year on the fourth and fifth positions, respectively, with 246 vulnerabilities (the same as AIR SDK & Compiler, placed sixth).
Popular browsers such as Internet Explorer, Chrome, and Firefox gathered 231, 187, and 178 vulnerabilities respectively, and were placed seventh, eighth, and ninth. Microsoft’s Windows Server 2012 operating system rounds the top 10 software on the list, with 155 publicly disclosed vulnerabilities.
Although Adobe’s products grabbed the third to sixth positions on the list, Microsoft landed on the second place on the list of vendors with the highest number of distinct vulnerabilities disclosed in 2015, with 57. Cisco came in third with 488 vulnerabilities, followed by Oracle with 479, and Adobe only on the fifth position, with 460 vulnerabilities. Google, IBM, Mozilla, Canonical, and Novell round the top 10, with 323, 312, 188, 153, and 143 vulnerabilities, respectively.
Historically, Microsoft has been the vendor to occupy the top position on the list, being present on the first place each year between 1999 and 2010. Since then, Google was the leader in 2011 with 295 security flaws, Oracle in 2012 and 2013, with 380 and 496 bugs, respectively, and IBM in 2014, with 455 vulnerabilities.
While it has been a while since the Cupertino, California tech giant took the top spot on the list, Apple’s Mac OS made it to the top in 2006 with 106 issues, and in 2008 with 96 flaws. Google Chrome topped the charts between 2010 and 2012, with 152, 266, and 249 bugs, respectively, while Internet Explorer did the same in 2002, 2004, and 2014, with 54, 59, and 243 flaws, respectively. The Linux Kernel, Mozilla Firefox, PHP, RedHat Linux, Solaris OS, and Windows NT also reached the top in the past 15 years.
In August, Apple patched multiple vulnerabilities in products such as OS X, iOS, Safari and OS X Server, including a local privilege escalation zero-day that was disclosed by German researcher Stefan Esser in July. The previous month, researchers from Indiana University, Peking University, and Georgia Institute of Technology revealed that cross-app resource access (XARA) attacks are possible on Apple’s operating systems and that malicious apps can steal passwords from other programs.