Mac OS X and iOS top 2014 security vulnerability list

Discussion in 'Apple, Inc and Tech Industry' started by bobenhaus, Feb 22, 2015.

  1. bobenhaus macrumors 6502a

    Joined:
    Mar 2, 2011
    #1
  2. mKTank macrumors 68000

    Joined:
    Jul 2, 2010
    #2
    So basically meaningless.
     
  3. MRU, Feb 22, 2015
    Last edited by a moderator: Feb 23, 2015

    MRU macrumors demi-god

    Joined:
    Aug 23, 2005
    Location:
    Ireland
    #3
    Likewise, I've fixed well over 100 computers in 2014 for malware & hijacks and other software errors - care to guess how many were Macs? I take the Neowin article with not a pinch, but a shovel of salt.
     
  4. Johnlpi macrumors member

    Joined:
    Feb 17, 2015
    #4
    This post from the comment section made me laugh
    virtorio
    "OS X Yosemite was very secure for those who couldn't get their WiFi to stay connected."

    lol Of course it's been fixed now but still....
     
  5. Steve121178 macrumors 68040

    Joined:
    Apr 13, 2010
    Location:
    Bedfordshire, UK
    #5
    Only in the unlikely event that no one is using them.

    Apple's quality has gone out the window so it wouldn't surprise me if most of the OS X vulnerabilities reported are for OS X versions Lion & above which affects pretty much everyone.

    Apple had a horrible 2014 when it came to exploits, malware and security issues and this news has my I.T department rolling on the floor laughing at Apple. "We thought OS X was meant to be ultra secure & stable?" they said. "It used to be" was my reply.
     
  6. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #6
    Yep, meaningless. At least break out the versions.
     
  7. lowendlinux Contributor

    Joined:
    Sep 24, 2014
    Location:
    North Country (way upstate NY)
    #7
    Because you don't like the data is not a reason to criticize the report.
     
  8. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #8
    Actually it is a great reason to criticize the report. On the other hand, because "you" like the report doesn't mean it's inherently useful.

    So this is another case of "if it's published on the Internet it must be true and useful".
     
  9. lowendlinux, Feb 23, 2015
    Last edited: Feb 23, 2015

    lowendlinux Contributor

    Joined:
    Sep 24, 2014
    Location:
    North Country (way upstate NY)
    #9
    I actually don't like the report at all; my two chosen computer OSes top that list. It was a bad year for *nix.
     
  10. maflynn Moderator

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #10
    The problem is that since it doesn't break out by version (which it does for Windows), you don't know if the current versions are better/worse.

    Seems like click bait to me; at least provide detailed information.
     
  11. Michael Goff, Feb 23, 2015
    Last edited: Feb 23, 2015

    Michael Goff macrumors G3

    Joined:
    Jul 5, 2012
    #11
    Their data came from that NVD. It's not like Neowin came up with these numbers...

    Edit: Also, I'm guessing the people here will point to IE being high on the list at some point and ignore the fact that the browsers aren't by version either.
     
  12. I7guy macrumors G5

    Joined:
    Nov 30, 2013
    Location:
    What Exit?/Saguaro Country
    #12
    I get it now, but it would still be extremely useful to know what version as 2014 saw a myriad of iOS versions at the very least.
     
  13. lowendlinux Contributor

    Joined:
    Sep 24, 2014
    Location:
    North Country (way upstate NY)
    #13
    iOS and OS X share a kernel now, so some of those vulnerabilities are probably shared. In Linux we've had more than a few kernels in '14. Because there is a lot of sharing between OS X and Open Source, some of them are probably shared between the two also. In any case it's just been a bad year in general.
     
  14. maflynn Moderator

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #14
    No, I think the same argument applies: if you cannot split out the versions then the list is no good. IE11 may be rock solid but IE6 may be skewing the numbers.
     
  15. phrehdd macrumors 68040

    Joined:
    Oct 25, 2008
    #15
    I have to agree that more details should be given. The simple list of vulnerabilities means very little without some specifics provided.

    I'll add as an example that a given OS might have a greater quantity of "severe" vulnerabilities, yet the frequency of occurrence might be negligible. There seems to be a lot of info missing from that article that can help us shape an educated opinion.

    Candidly, I am not a fan of Apple's approach to Internet connectivity other than making a market for 3rd party tools to do what Apple does not. I switched to Apple around the time Vista's last non-pay-to-play beta was out. Over the years, I was surprised that some challenges (security-wise) existed for Apple and its flock of users. The vast majority of challenges were less about Apple (OSX etc.) but more about end user behavior and activities that caused issues and breaches.
     
  16. ApfelKuchen macrumors 68020

    Joined:
    Aug 28, 2012
    Location:
    Between the coasts
    #16
    In the case of the analysis by GFI... I'd have to question the validity of an analysis where Android is not listed among the operating systems. The chances of that OS having zero vulnerabilities seem to be near-zero, considering the numbers I pulled out of the NIST NVD database (below), and even if it was zero, it ought to be shown anyway, to keep people like us from rejecting the results out of hand.

    Methodology is very important. We can go to https://web.nvd.nist.gov/view/vuln/statistics to crunch the data ourselves - create our own queries, come to our own conclusions. And most likely, fool ourselves and everyone else.

    As it's been said, "There are lies, damn lies, and statistics."

    If I query at that page by Keyword, I have to trust that I've used a useful keyword. The query results suggest it's not a particularly accurate approach:

    Query period: January 2014-December 2014: Vulnerability Criteria: Contains Software Flaws > Keyword
    And here are the results:
    "android" - 19.13%, "iOS" 3.35%, "windows" 3.18%, "unix" 0.28%, "os x" 33.15%, "os_x" 3.5%, "mac" 1.31%, "apple" 4.17%, "microsoft" 4.55%, "google" 20.98%

    Why is "os x" so high, while "mac" and "os_x" are so much lower? Most likely, choice of keyword, as the database uses the "os_x" format in version-naming. (Just plain "os" returns 57.67%.)

    Overall, Keyword seems to paint with a very broad, sloppy brush.

    The search page also allows us to search by CPE Name, where both Vendor and Product are selected from drop-down lists. That would seem to be the more accurate way to go, but every dot release provides separate results. To aggregate results for, say, all iOS 8.x releases, one has to do a lot of number crunching, apply various weighting factors, such as duration of release, adoption rate, whether the individual vulnerabilities are being counted twice (once for each version to which they apply), etc. By raw, unweighted measure, for the period of January-December 2014, iOS_7.1.2 is at 0.57%, and iOS_8.0.2 is at 0.14%. Of course, 7.1.2 was a final, stable release that was in service throughout 2014, while 8.0.2 was released in September and rapidly superseded.
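
Added example, not part of ApfelKuchen's post and not NVD's own code: a sketch of the three counting methods the post compares (keyword match, per-version CPE counts, and counts de-duplicated per product). The records are constructed, and the keyword search is assumed to be a plain case-insensitive substring match on the summary.

```python
from collections import defaultdict

# Constructed records for illustration; these are not real NVD entries.
RECORDS = [
    {"id": "EXAMPLE-0001", "summary": "Kernel memory corruption in Apple iOS and OS X",
     "cpes": ["cpe:/o:apple:iphone_os:7.1.2", "cpe:/o:apple:iphone_os:8.0.2",
              "cpe:/o:apple:mac_os_x:10.9.5"]},
    {"id": "EXAMPLE-0002", "summary": "Lock screen bypass in Apple iOS",
     "cpes": ["cpe:/o:apple:iphone_os:7.1.2"]},
    {"id": "EXAMPLE-0003", "summary": "Denial of service in Cisco IOS",
     "cpes": ["cpe:/o:cisco:ios:15.2"]},
    {"id": "EXAMPLE-0004", "summary": "Sandbox escape in Apple Mac OS X",
     "cpes": ["cpe:/o:apple:mac_os_x:10.9.5", "cpe:/o:apple:mac_os_x:10.10"]},
]

def parse_cpe(name):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:version) into 4 fields."""
    fields = name[len("cpe:/"):].split(":")
    fields += [""] * (4 - len(fields))
    return tuple(fields[:4])

def keyword_count(records, keyword):
    """Assumed keyword search: case-insensitive substring match on the summary."""
    kw = keyword.lower()
    return sum(1 for r in records if kw in r["summary"].lower())

def per_version_counts(records, vendor, product):
    """Entries per version; one entry is counted once for every version it lists."""
    counts = defaultdict(int)
    for r in records:
        versions = {v for _, ven, prod, v in map(parse_cpe, r["cpes"])
                    if (ven, prod) == (vendor, product)}
        for v in versions:
            counts[v] += 1
    return dict(counts)

def distinct_count(records, vendor, product):
    """Entries affecting any version of the product, each counted once."""
    return sum(1 for r in records
               if any(parse_cpe(c)[1:3] == (vendor, product) for c in r["cpes"]))

if __name__ == "__main__":
    by_version = per_version_counts(RECORDS, "apple", "iphone_os")
    print("keyword 'ios':", keyword_count(RECORDS, "ios"))
    print("per version:", by_version, "sum:", sum(by_version.values()))
    print("distinct:", distinct_count(RECORDS, "apple", "iphone_os"))
```

On this sample the keyword "ios" also picks up the Cisco IOS entry, and summing the per-version figures counts the entry shared by 7.1.2 and 8.0.2 twice, so only the de-duplicated count gives the number of distinct entries for the product.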
     
  17. roadbloc macrumors G3

    Joined:
    Aug 24, 2009
    Location:
    UK
    #17
    Whereas I agree that OS X and iOS probably aren't as secure as many may think, this article is sheer garbage.
     
  18. quackers82 macrumors 6502

    Joined:
    Mar 13, 2014
    #18
  19. maflynn Moderator

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #19
    While I agree with your fundamental point, the article linked as noted above does not break out the OS by version. We have no idea if the majority of vulnerabilities are with 10.10 and 10.9 or 10.6.8.

    [MOD NOTE]
    I merged this with the existing thread as the discussion is about the same report.
     
  20. Ulenspiegel macrumors 68020

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #20
    While I agree with you (we have a thread - by the way - about this issue), it should be said that the above link is based on a biased and misleading article: http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/.

    P.S.: Oh, sorry, Mike, just saw you posted some mins before me almost the same. I will leave it here.
     
  21. maflynn Moderator

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #21
    Ninja'd :)

    No worries, I think it helps continue the discussion in any event
     
  22. Ulenspiegel macrumors 68020

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #22
    LMAO ;)
    Feels guilty now.
     
