Stephen Withers
Friday, 13 February 2009 10:14
The updates come hard on the heels of IBM's X-Force 2008 Trend & Risk Report, which asserted that the operating systems with the most vulnerabilities documented in 2008 were Mac OS X Server and Mac OS X (each on 14.3 percent), ahead of Linux (10.9 percent), Solaris (7.3 percent) and various flavours of Windows (5.5 percent to 4.1 percent).
2008 saw over 7000 vulnerabilities disclosed, the first time this number has been reached. 14 percent of 7000 is a lot of vulnerabilities.
But the report seems to give no indication about the relative seriousness of vulnerabilities on each platform (would you prefer three minor issues to one critical vulnerability?) or the speed with which the security holes are plugged.
The X-Force report notes that only one percent of all vulnerabilities were critical, with 38 percent high, 54 percent medium and 7 percent low.
Curiously, it also asserts that Microsoft was the vendor responsible for the most vulnerability disclosures (3.16 percent of the total), followed by Apple on 3.04 percent and Sun on 2.19 percent. The other top ten (bottom ten?) vendors were Joomla, IBM, Oracle, Mozilla, Drupal, Cisco and TYPO3.
The fact that the ten worst vendors together accounted for less than 20 percent of all vulnerabilities illustrates the growing significance of vulnerabilities in software that resides above the operating system. Exploits for software such as PDF readers and media players are becoming more common.
The moral of the story? Keep on patching!