OS X as most vulnerable software of 2015!

Discussion in 'macOS' started by g00dGod, Jan 3, 2016.

  1. g00dGod macrumors newbie

    g00dGod

    Joined:
    Jan 3, 2016
    #1
  2. lparsons21 macrumors 6502

    lparsons21

    Joined:
    Jun 3, 2014
    Location:
    Southern Illinois
    #2
    Not bad click bait to start the new year! ;)
     
  3. AFEPPL macrumors 68020

    AFEPPL

    Joined:
    Sep 30, 2014
    Location:
    England
    #3
    Seen them all before and I've been saying it for a while, lots of the security reports have been saying the same thing for both OS X and iOS a while. However it will just get dismissed on here as trolling or "click bait", but i think they are very valid claims (and well independently documented) people need to start waking up to it. Far from the nirvana apple would have you believe for sure.
     
  4. chrfr macrumors 603

    Joined:
    Jul 11, 2009
    #4
    Everything reported in there is patched. It's unrealistic to call Apple the most vulnerable, but that doesn't make good clickbait.
    I'm also unconvinced that each version of Windows has its own set of vulnerabilities.
    Also, if the two articles are reporting the same data, why does one report that OS X has 147 vulnerabilities while the other article reports 384?
    The articles do make good points that it's important to keep your OS and other software updated, regardless of platform.
     
  5. Dr. Freeman macrumors member

    Dr. Freeman

    Joined:
    May 1, 2012
    #5
    If iOS was that vulnerable we would get new jailbreak exploits every week.
     
  6. Mikael H macrumors 6502

    Joined:
    Sep 3, 2014
    #6
    I may be a bit slow, but as I understand it, the number of CVEs counted there include vulnerabilities and bugs that have already been fixed? Then you can't really say that OS X is "the most vulnerable OS" without a list of discovered but unfixed issues for all operating systems or software. Any complex program will have bugs. The important questions are whether they can be practically exploited, and whether they are known.
     
  7. AFEPPL macrumors 68020

    AFEPPL

    Joined:
    Sep 30, 2014
    Location:
    England
    #7
    The playing field is the same for all, so his point is a valid one be that they are all addressed for the other platforms too.. The data is a direct extract one assumes from places like NVD which provides data in XML format to allow for categorisation by people like CVEdetails.
     
  8. hwojtek macrumors 6502a

    hwojtek

    Joined:
    Jan 26, 2008
    Location:
    A small rural village in western Poland
    #8
    Which versions of iOS and OS X?
     
  9. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #9
  10. aristobrat macrumors G4

    Joined:
    Oct 14, 2005
    #10
    So this is how they list it, which does make Mac OS look pretty bad.

    Mac OS X = 384
    Windows 8.1 = 151
    Windows Server 2008 = 149
    Windows 7 = 147
    Windows 8 = 146
    Windows Vista = 135
    Windows 10 = 53

    But when you roll-up all of the Windows versions above into one line for Windows (like how all OS X versions are rolled up into one line), it looks like:

    Mac OS X = 384
    Windows = 781

    That looks completely different.

    So why do all OS X versions get reported in one line-item, whereas Windows versions get reported separately?
     
  11. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #11
    The hackread story is based upon a study by CVE Details. I haven't read the actual study yet so I don't know the logic of it, or its worth (assuming I can understand it).

    Point of information : CVE Details is a repository who organizes and interprets data it receives from National Vulnerability Database (NVD) and elsewhere. NVD interprets and organizes the data it receives, in the form of CVEs, from MITRE.

    CVE Details, how does it work? : http://www.cvedetails.com/how-does-it-work.php

    NVD FAQs : https://nvd.nist.gov/faq

    CVE FAQs : https://cve.mitre.org/about/faqs
     
  12. hwojtek macrumors 6502a

    hwojtek

    Joined:
    Jan 26, 2008
    Location:
    A small rural village in western Poland
    #12
    Still, this is at least misleading.
    First, because the adoption of current versions (and subsequent updates) in OS X is much faster than in Windows, which means effectively far smaller percentage of users own a vulnerable system.
    Second, because this list contains issues from ALL OS X versions.
    Third, because OS X includes software that has its issues patched outside of Apple's authority (like PHP for example, which does not exist in a Windows installation at all) and only then patched by Apple.

    So in this case it's not comparing apples with apples. And what aristobrat posted above (Mac OS X = 384 vs Windows = 781) is a closest comparison if we stick to CVE Details' logic.
     
  13. Altis macrumors 68000

    Joined:
    Sep 10, 2013
    #13
    And even that logic is broken because the number of versions shouldn't affect the score.

    It's only fair to consider the most current release of each operating system, while showing the older releases separately.

    Still, makes for some interesting information when you sort out some of that stuff.
     
  14. Ulenspiegel macrumors 68020

    Ulenspiegel

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #14
    It really makes me smile. "Hackread - Security is a Myth"..... It says a lot like the fact that Hackread is based in Dubai or that Adobe FlashPlayer is more secure than OS X or that interestingly but not surprisingly the most vulnerable systems are both Apple products.
    Give me a break.
     
  15. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #15
    It appears that both hackread and CVE Details have produced kaka. As far as I know, what hackread is calling a report and a study, by CVE Details, is simply an imperfect list posted without context HERE.

    @Mike Boreham - posted a link to a critical, The Register, article --
    http://www.theregister.co.uk/2016/0..._product_in_2015_but_it_doesnt_really_matter/
     

Share This Page