Prior to the Flashback malware fiasco, Apple’s platforms had a reputation for being secure. That reputation might not have been deserved, if a report from the first quarter of 2012 is to be believed. That report, which predated the discovery of the Flashback trojan, took a look at the number of vulnerabilities that major tech vendors reported. The numbers might surprise you.
The report comes from Trend Micro, a computer security company. A healthy bit of skepticism is probably good when reviewing reports of rampant vulnerabilities from companies that sell products to contain the fallout from those vulnerabilities. Here, though, the numbers are based on vulnerabilities as cataloged by CVE, which describes itself as “a dictionary of publicly known information security vulnerabilities and exposures.” The numbers, therefore, are only as good as the data from CVE. According to Wikipedia, CVE is maintained by MITRE Corporation, “with funding from the National Cyber Security Division of the United States Department of Homeland Security.”
It’s also important to remember that we’re not exactly comparing apples to apples. A vendor with one main product or a very simple product, for example, stands a good chance of experiencing a lower number of vulnerabilities than a vendor with many products or complex products.
Apple took top (or worst) billing, with 91 reported vulnerabilities. Oracle, Google, and Microsoft followed, with 78, 73, and 43 vulnerabilities, respectively. Apache got top marks with 24 vulnerabilities.
Keep in mind one important factor, though: number of vulnerabilities does not equal number of attacks. The Trend Micro report specifically calls out Android, identifying approximately 5000 malicious Android apps in the quarter.
It’s a scary world out there. Do you feel safe on your devices?