We have noted this in our columns each time an update to OS X, or even iOS, was released: the list of security fixes has tended to grow quite long.
It is also a great pity that Apple does not elaborate on how dangerous these security vulnerabilities are. Microsoft deserves credit for being more transparent on this subject, even if announcing a critical vulnerability is bad.
GFI Software, which offers IT management solutions and services for network and web security, has published a 2014 tally of security vulnerabilities. It is based on data from the National Vulnerability Database, which is maintained by the US government.
Among operating systems, the top spot goes to OS X with 147 vulnerabilities, including 64 rated high severity. One might think there is a link with the open source components used in OS X, for which the search for vulnerabilities is very active.
In second place is Apple's mobile operating system: iOS was affected by 127 vulnerabilities, 32 of them high severity. Is Windows third? Well, no … it is the Linux kernel, with 119 vulnerabilities (24 high).
Windows trails these competitors with fewer than forty vulnerabilities per version. These figures should not be added together, since a vulnerability in one version of Windows often affects other versions. However, it should be noted that the vulnerabilities discovered in Windows never have a low severity: it is at least medium, and more frequently high than for the others.
As previously pointed out, this is purely a count that highlights neither the really critical vulnerabilities nor the speed with which they are fixed. Furthermore, it is not operating systems that are most affected by vulnerabilities but applications. And in this area, the 2014 tally weighs heavily on Internet Explorer:
Again, it should be borne in mind that although we are talking about high-severity vulnerabilities, no distinction is made from the critical level. For Google Chrome in particular, the Mountain View company rarely assigns a critical rating to the vulnerabilities discovered.
However, it should also be noted that the number of vulnerabilities for Google Chrome increased significantly in 2014. But it is true that researchers are motivated by bounties. And when they search … they find.
In 2014, the number of security vulnerabilities was very much higher than in previous years.