The Computer Vulnerabilities and Exposures (CVE) website provides yearly summaries of application and operating systems vulnerabilities. Having a vulnerability is not the same as it actually being exploited, but the figures provide a useful, if somewhat crude way, of identifying what needs protecting and how this compares to 2015.
For anyone that doesn’t want to read much further the key points are
- Operating systems: Android has the most vulnerabilities, followed by Linux distributions, Mac OSX and then Windows 10. By vendor, Microsoft had the most vulnerabilities.
- Applications: Flash has the most vulnerabilities, followed by four other Adobe products and then Chrome, Microsoft Edge, Firefox and IE. By vendor, Adobe has the most vulnerabilities
Android is a long way ahead (or should that be behind?) of the others, a big increase from the number of vulnerabilities in 2015. Then comes a number of Linux distributions, Mac OSX, Windows 10, iOS and older versions of Windows. Mac OSX and iOS have fewer vulnerabilities than in 2015, with the number for Windows 10 going up. Probably because its market share increased and more people started looking for vulnerabilities. Ways to protect against vulnerabilities being exploited are
Ways to protect against vulnerabilities being exploited include:
- applying OS patches as they become available
- using anti-virus and anti-malware tools
- being wary of emails from unknown sources and unexpected emails from known sources (email accounts are being taken over and used to send out emails with links to malware or have viruses attached to them)
- only using accounts with Administrator privileges when there is a valid need to make/apply updates
- For mobile devices, only download apps from the Apple App store or Google play
Viewing these figures by vendor gives a different insight. Microsoft has the most, followed by Redhat and Apple. Both Microsoft and Apple reduced the number compared to 2015, Apple having a larger decrease.
Adobe products hold the top 5 positions. These are followed by Chrome, Microsoft Edge, Firefox and IE. Flash has less vulnerabilities compared to 2015, but the number is still very high.
Viewing these figures by vendor gives the expected result. Adobe products way out in front followed by Microsoft, Mozilla and Google. Apple only just makes it to the end of the chart.