Secunia has found 9,225 vulnerabilities in 2015 so far

Aug 6, 2015 15:05 GMT

During this year's Black Hat USA 2015 conference in Las Vegas, Secunia, a leading provider of IT security solutions, released a report detailing security vulnerability trends for the first seven months of 2015.

Through July 31, Secunia researchers discovered a total of 9,225 vulnerabilities, down from the 9,560 similar threats discovered in the same period in 2014.

The worrisome part is that more threats labeled as "extremely critical" and "highly critical" are being discovered, rising from 0.3% to 0.5% and from 11.1% to 12.7%, respectively.

As for zero-day exploits, Secunia is reporting 15 so far, putting 2015 on pace to break the total of 25 zero-days discovered in 2014.

The waves of OpenSSL vulnerabilities

While 2014 was considered the year of Heartbleed, Secunia has observed that OpenSSL vulnerabilities came in five big waves during the past two years.

While Heartbleed was the mother of all OpenSSL bugs, wave #2 came in at a close second with 800 products detected as vulnerable.

In 2015 things seem to have calmed down a bit, with the last vulnerability wave, #5, being spotted in only around 100 products.

More vulnerabilities were found in iOS devices than in Android

On the mobile market, the Secunia team is reporting a total of 80 vulnerabilities discovered in iOS, while only 10 were found in Android devices.

"The fact that fewer vulnerabilities are discovered in Android should under no circumstances be misinterpreted to imply that Android OS is more secure than iOS," said Kasper Lindgaard, Director of Research and Security at Secunia.

He explains this trend by the fact that Apple is in full control over its operating system and devices' hardware makeup, allowing it to discover and patch security problems much faster than Google. The latter works with multiple companies at the same time, which are not always doing their due diligence regarding user security.

Fortunately, this last trend is set to change: today Samsung and Google announced separately that they plan to take security patching into their own hands.