Flash ranks only 3rd in 2015's most vulnerable software list

Jan 3, 2016 00:10 GMT  ·  By

Now that 2015 has officially ended, let's take a retrospective look over what happened during the past year when it comes to critical or highly critical security vulnerabilities.

During the past 365 days, independent security researchers, cyber-security firms, and even the makers of various software themselves have reported security vulnerabilities, and when necessary, have asked for a CVE (Common Vulnerabilities and Exposures) identifier.

These CVE numbers are used to track security flaws across products and time, and if you hang around infosec circles long enough, you understand how crucial they can be to a security researcher's work.

Apple - the company with the most security bugs in 2015

According to CVE Details, a website that manages an inventory of security vulnerabilities based on their CVE identifiers, during 2015, the company for which the most new CVE numbers have been assigned was Apple.

Security researchers discovered 654 security flaws in Apple's products, 83 more security bugs than Microsoft's total of 571 vulnerabilities, the company that came in second.

The rest of the top 10 continues with Cisco - 488 security bugs, Oracle - 479 bugs, Adobe - 460 bugs, Google - 323 bugs, IBM - 312 bugs, Mozilla - 188 bugs, Canonical - 153 bugs, and Novell - 143 bugs.

If you're wondering who received Apple's crown in the past years, IBM got it in 2014 (455 bugs), Oracle in 2013 (496 bugs), Oracle again in 2012 (380 bugs), and Google in 2011 (295 bugs). Between 1999 and 2010, Microsoft "won" the title each year.

OS X - the product with the most security bugs in 2015

As for software products, an Apple product won this title too, with the OS X operating system coming first with 384 security bugs, and iOS coming in second, with 375 bugs.

Third on the list is Adobe's Flash Player, which many security experts expected to come first, especially after the slew of security bugs that spilled out in the open after the Hacking Team data breach. In 2015, Flash had "only" 316 security bugs.

The rest of the top 10 is as follows: Adobe AIR - 246 security bugs, Internet Explorer - 231 bugs, Google Chrome - 187 bugs, Mozilla Firefox - 178 bugs, Windows Server 2012 - 155 bugs, Ubuntu - 152 bugs, and Windows 8.1 - 151 bugs.

In the previous years, the software products that ranked the most vulnerable were: Internet Explorer in 2014 (243 bugs), the Linux Kernel in 2013 (189 bugs), Google Chrome in 2012 (249 bugs), Google Chrome again in 2011 (266 bugs), Google Chrome for the three-peat in 2010 (152 bugs), Mozilla Firefox in 2009 (126 bugs), Mozilla Firefox tied with Apple OS X in 2008 (96 bugs), PHP in 2007 (114 bugs), Apple OS X in 2006 (106 bugs), the Linux Kernel in 2005 (133 bugs), Internet Explorer in 2004 (59 bugs), Solaris OS in 2003 (44 bugs), Internet Explorer in 2002 (54 bugs), RedHat Linux in 2001 (47 bugs), RedHat Linux again in 2000 (47 bugs), and Windows NT in 1999 (64 bugs).

As you can see, Flash was never as bad as people thought, but that doesn't mean you still need to use it.