Don’t Be Shocked By OS X Being Vulnerable – But Don’t Gloat Either

The news over the weekend that Apple’s flagship OS’ where more vulnerable to security threats should not come as a surprise to anyone. As one who formerly used OS X and iOS, I knew it was just a matter of time before the two platforms were targeted and it appears in 2014 that happened.  Why it shouldn’t come as a surprise is simple and comes down to simple target size for hackers.  The key however my fellow Windows 8.1 and Windows Phone 8.1 users is not to gloat to much.  We have been here and know the pain.

First, here is the link to the GFI report.  It is a great read and I recommend that you spend some time reading it to glean the information in this comprehensive report. There is a lot of information here that covers not just Operating Systems like OS X and Windows but also mobile OS’ and applications that have security vulnerabilities.  The information is based on reports of vulnerabilities to

GFI OS Vulnerability Chart
GFI OS Vulnerability Chart

the National Vulnerability Database, or NVD.  In 2014 there were an average of 19 vulnerabilities reported per day which in itself is a bit eye watering.  The result however showed that Apple’s OS X and iOS were the most vulnerable OS’ in the market with the Linux Kernel being third.  For comparison, Windows 8.1 ranked 8th with Windows 8 ranking 7th and Windows Server 2008 ranking 4th.

Why did this happen?  I think it comes down to two key reasons.  First, there is simply the target size.  Apple’s OS X and iOS both have gained market share numbers in the last few years.  According to Net Market Share, OS X currently enjoys a 7.11% market share in Desktop OS while iOS commands 42.59%.  With more consumers going to OS X it means there are more viable targets for attack in the market.  Not huge – Windows still commands over 90% of the market share – but enough to draw attention of those who want to poke the OS’ for security issues (white hat or black hat).  Second, and perhaps more dangerous, has been the prevailing attitude within the OS X community that because it is based in Unix, it is “naturally” more secure than Windows.  Clearly the information from GFI proves this to be a fallacy.  It is no more secure than any other platform which means it requires users to be vigilant, educated and aware of the security risks of using that particular platform.  No longer is security a “Windows problem” but to be fair, it never has been just a Windows problem.  It’s always been there in OS X but not brought to the fore as much with such a small market share number and user based.  That’s changing and vulnerabilities are becoming exposed on a regular basis.

GFI Application Vulnerability Chart
GFI Application Vulnerability Chart

Before any of us Windows users get to proud in the moment, let me snap everyone back to reality.  Internet Explorer remains the top security vulnerable app through out 2014 according to GFI with Google’s Chrome browser a distant second.  Not surprisingly, IE claims just over 58% of the market share of browsers while Chrome sits in 2nd at 23.54%.  Again, it comes down to targets available and with both of these browsers, there are a lot of targets.  Combine that with the number of versions of IE that are still in use and you compound the problem.  IE v11 is far more secure than v6 but there is still over 1% of the users out there running IE 6.  That skews numbers but it is real world so it can’t be completely dismissed and it should keep the Windows fan base from crowing too much.

At the end-of-the-day, with reports like this, nobody really wins.  OS developers like Apple and Microsoft must continually remain vigilant in securing their platforms but equally, there is the responsibility of the end user as well.  We as end users need to make sure that we have the latest security updates installed on our PCs, Macs and other devices along with making sure that we take proper measures to keep our devices safe.  That means making sure additional apps like Java or Adobe Reader are also up-to-date as well as Anti-Virus apps, Windows Defender and the like.  It is a team effort and one that everyone regardless of your platform of choice need to participate in for your own digital safety.