AAPL Stock: 113.29 ( + 0.37 )

Printed from

IBM study ranks Mac as most vulernable OS [u]

updated 05:15 pm EST, Wed February 11, 2009

Mac OS vulnerabilities

IBM's security research and development group, X-Force, has released an annual report that suggests Mac is the most vulnerable operating system. The percentage of patched vulnerabilities compared to the total number of disclosed vulnerabilities was used for the rankings, with Mac OS X and OS X Server each leaving 14.3 percent of the problems unresolved. IBM gave the highest score to its own AIX platform, claiming to have fixed over 96 percent of the vulnerabilities, while Microsoft failed to patch between 5.5 percent and 4.1 percent of the reported issues for its Windows operating systems.

While Apple received a comparatively low score regarding the percentage of operating system issues that were addressed, Microsoft lead the pack for overall vulnerability disclosures. The Windows-maker accounted for 3.16 percent of all disclosures, while Apple held a close second place with 3.04 percent. The numbers reflect all software products offered by the companies, which would include their respective web browsers.

The researchers noted a significant uptick in the amount of vulnerabilities surrounding web applications, accounting for over half of the individual disclosures. Out of all the disclosures last year, 74 percent of the vulnerabilities did not receive a vendor-supplied patch by the end of the year. Despite the prevalence of malicious code in web applications, the browsers and browser plug-ins have seen a reduction in vulnerabilities.

Although Microsoft received a better score for disclosed operating system vulnerabilities, malicious website exploits heavily affected Internet Explorer and ActiveX. The two applications accounted for over 67 percent of the exploits, while Adobe Flash and Acrobat established nearly 25 percent. [via Heise Security]

by MacNN Staff



  1. byRyan

    Joined: Dec 1969



    you know the problem with percentages, is if apple has fixed 3 out of 4 holes... and MS has fixed 900 out of 1,000.... Mac has left 25% unpatched and MS has only 10%.

    But in real numbers, MS has 100 holes and mac has 1... percentages can be deceiving.

    also what is the severity of the threat and potential to exploit.

    all so IBM can claim they are better.

  1. stainboy

    Joined: Dec 1969



    you hit the nail on the head.

  1. dagamer34

    Joined: Dec 1969


    Different types of holes

    Again, not to be a fanboy, but when many of the supposed "Apple" holes require you to put in your password, it's no longer a true vulnerability as much as it becomes social engineering.

    You cannot protect idiots from themselves, no matter how advanced an operating system gets.

  1. b9robot

    Joined: Dec 1969


    Idiots buy M is a joke!!!

    Yea right, that's why OSX has no viruses, no spyware, for the last 8 years OSX has been out. That's why government is moving to Macs. That's why Schools and more businesses are moving to Macs. Because it is the least secure OS. NOT!!!!
    If you believe Idiots buy M then people, you got a serious lack of FACTS!!! OSX has passed the highest form of security tests out there. It's not perfect, but it is better than any OS for sale to date PERIOD!!!

  1. Mr. Strat

    Joined: Dec 1969



    A clue is a terrible thing to waste.

  1. Marook

    Joined: Dec 1969


    Look at the list!

    If you take a look at the list:

    You have to go back to 2007! to find a thread listed.. Phew!

  1. russellb

    Joined: Dec 1969


    Fair Go

    Bahhh ohhh sorry just have to wipe the tears from my eyes

    Fair Go !

    lets use some common sense. We all know that any OS can have problems but if you honestly believe Windows is better equipment to deal vulnerabilities and has less than OSX you would either have to be blind freddy or trying to push your own agenda.

  1. macnixer

    Joined: Dec 1969


    so how much did

    IBM get paid by M$ to say that Mac OS X has more vulnerabilities?

    BTW the headline should be corrected. Instead of "vulernable" it should be "vulnerable".

  1. chas_m



    Hey Everybody!

    Let's get the oil companies to do a study on which fuel choice is the smartest!

    Just a hunch, but I'll bet they pick ... um ... OIL!

  1. Guest

    Joined: Dec 1969


    Real arguments please...


    Rather than provide defensive misdirections, is there really any basis to this? Obviously a company like IBM is not just going to make stuff up.

    Does anyone with any security knowledge contest this?

    Having skimmed the report all it does is report on the number of vulnerabilities published. While that could be one metric to use is it valid?

    What about severity of vulnerability? Ease of implementation? Practicality of attack?

    This is a more sensible debate to have...

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

Wren V5US Wireless Sound System

If you're a music fanatic, chances are you are, by extension, a bit fanatical about what you listen to your music on. If you're like ...


Most Commented