{"id":3266,"date":"2010-07-31T18:39:22","date_gmt":"2010-07-31T22:39:22","guid":{"rendered":"http:\/\/rbach.net\/blog\/?p=3266"},"modified":"2022-12-30T15:26:21","modified_gmt":"2022-12-30T20:26:21","slug":"apple-has-most-holes","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/apple-has-most-holes\/","title":{"rendered":"Apple Has Most Holes"},"content":{"rendered":"

\"AppleSecurity company Secunia<\/a><\/strong> is reporting that Apple<\/a><\/strong> (AAPL<\/a>) software has the most security vulnerabilities<\/strong>. According to the recent Secunia Half Year Report 2010<\/strong> (PDF<\/a>) Apple has displaced Oracle<\/strong><\/a> as the company with the most security vulnerabilities in its software over the first half of 2010. Microsoft<\/a><\/strong> retains its third-place<\/strong> spot.<\/p>\n

Wired<\/em><\/a>\"Apple<\/a> points out<\/a> that this does not necessarily mean that Apple’s software is the most insecure in practice. The report takes no consideration of the severity of the flaws, it points at a growing trend in the world of security flaws: the role of third-party software. Many of Apple’s flaws are not in its operating system, Mac OS X, but rather in software like Safari, QuickTime<\/a>, and iTunes. Vendors like Adobe<\/a> (with Flash and Adobe Reader) and Oracle (with Java) are similarly responsible for many of the flaws being reported. The top ten third-party applications, ranked by total number of reported vulnerabilities:<\/p>\n

1. Mozilla Firefox
\n2. Apple Safari<\/a>
\n3. Sun Java JRE
\n4. Google Chrome
\n5. Adobe Reader
\n6. Adobe Acrobat
\n7. Adobe Flash Player
\n8. Adobe AIR
\n9. Apple iTunes<\/a>
\n10. Mozilla Thunderbird<\/p>\n

\"Secunia<\/a>To illustrate this point, ars technica<\/em><\/a> says<\/a> the report includes cumulative figures for the number of vulnerabilities found on a Windows PC with the 50 most widely used programs. Five years ago, there were more first-party flaws (in Windows and Microsoft’s other software) than third-party. Since about 2007, the balance shifted towards third-party programs. Secunia predicts that third-party flaws will outnumber first-party flaws by two-to-one by the end of 2010.<\/p>\n

Secunia also makes a case that effectively updating third-party software is much harder to do; because Microsoft’s Windows Update and Microsoft Update systems will offer protection for around 35% of reported vulnerabilities, patching the rest requires the use of 13 or more updating systems. Some vendors\u2014Apple, Mozilla, and Google, for example\u2014do have decent automatic update systems, but others require manual intervention by the user.<\/p>\n

\"Steve<\/a><\/p>\n

Related articles<\/h6>\n