The Channel logo


By | Darren Pauli 26th February 2015 07:58

And the buggiest OS provider award goes to ... APPLE?

Count of 2014's flaws finds more nasties in Mac OS and iOS than in Windows or Linux

Apple's operating systems and Linux racked up more vulnerability reports than Windows during 2014, according to research from security outfit GFI.

Cupertino's OS X and iOS platforms topped the 2014 bug charts with 147 and 127 holes disclosed in each, nudging out the Linux Kernel with 119 flagged flaws, the National Vulnerability database statistics show.

Apple also has the most high-risk holes with 64 reported in OS X, and is just nudged out by Linux in the medium-severity stakes which clocked 74 flaws to iOS' 72.

Windows platforms were far behind with 68 total reported bugs and 20 medium-severity flaws reported. Surveyed Windows releases included Windows 8, 8.1, 7, Vista, and RT, along with Server 2012 and 2008. All had between 30 and 38 vulnerabilities.

Crucially, up to 80 percent of the reported bugs concerned third party applications, and only 13 percent related to the operating systems in question.

Stats tallier and hacker Cristian Florian says he grouped the various Linux flavours into single categories because it was difficult to parse affected distributions as the kernel can be independently upgraded. Here's how he explains himself:

“The operating systems are different and it is hard to group them in a way that everybody agrees with. For example, unlike Windows, the Linux Kernel can be upgraded independently of the rest of the operating system; therefore it is hard to link Linux Kernel vulnerabilities to a specific Linux distribution or Linux distribution version. This is why Linux vulnerabilities are grouped under Linux Kernel as a separate product and then there are the specific vulnerabilities for each Linux distribution. The reason why only Linux Kernel and Apple OS X are listed at the top is because the number of vulnerabilities that specifically apply to other Linux distributions (like Red Hat, Debian, etc.) is lower than the number of vulnerabilities that apply to the operating systems already listed.

Florian says the total pool of reported vulnerabilities rose by 2,244, up almost 50 percent on the previous year, GFI says.

That bumper year was tough on Linux which endured some of 2014's most critical security issues including Heartbleed and ShellShock that impact Linux apps.

Microsoft's good run ends when one counts browser bugs. Internet Explorer threw up 242 bug reportes, ahead of Google Chrome's 124 flaws, and Mozilla Firefox's 117.

The don't-try-this-at-home surf tool also blew away the competition with 220 high severity holes reported to the Choc Factory's 86, and Fox's 57.

Safari came in with 70 total reported holes of which only three were high-severity.

The statistics do not place one operating system above another in the security stakes, or suggest that Windows is more secure than Linux, but merely indicate the attention paid to bug discovery and subsequent reporting. ®

comment icon Read 129 comments on this article or post a comment alert Send corrections


Frank Jennings

What do you do? Use manual typwriters or live in a Scottish croft? Our man advises
A rusty petrol pump at an abandoned gas station. Pic by Silvia B. Jakiello via shutterstock

Trevor Pott

Among other things, Active Directory needs an overhaul
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Kat Hall

Plans for 2 million FTTP connections in next four years 'not enough'
Microsoft CEO Satya Nadella


Suit-and-tie-wearing man tries to meditate, take deep breaths in faux yoga pose. Photo by Shutterstock
Emotional intelligence, not tech skills, is the way to woo suits
League of gentlemen poster - Tubbs and Edward at the local shop. Copyright BBC
One reselling man tells his tale of woe