updated 05:15 pm EST, Wed February 11, 2009
Mac OS vulnerabilities
IBM's security research and development group, X-Force, has released an annual report that suggests Mac is the most vulnerable operating system. The percentage of patched vulnerabilities compared to the total number of disclosed vulnerabilities was used for the rankings, with Mac OS X and OS X Server each leaving 14.3 percent of the problems unresolved. IBM gave the highest score to its own AIX platform, claiming to have fixed over 96 percent of the vulnerabilities, while Microsoft failed to patch between 5.5 percent and 4.1 percent of the reported issues for its Windows operating systems.
While Apple received a comparatively low score regarding the percentage of operating system issues that were addressed, Microsoft lead the pack for overall vulnerability disclosures. The Windows-maker accounted for 3.16 percent of all disclosures, while Apple held a close second place with 3.04 percent. The numbers reflect all software products offered by the companies, which would include their respective web browsers.
The researchers noted a significant uptick in the amount of vulnerabilities surrounding web applications, accounting for over half of the individual disclosures. Out of all the disclosures last year, 74 percent of the vulnerabilities did not receive a vendor-supplied patch by the end of the year. Despite the prevalence of malicious code in web applications, the browsers and browser plug-ins have seen a reduction in vulnerabilities.
Although Microsoft received a better score for disclosed operating system vulnerabilities, malicious website exploits heavily affected Internet Explorer and ActiveX. The two applications accounted for over 67 percent of the exploits, while Adobe Flash and Acrobat established nearly 25 percent. [via Heise Security]