Rarely a day goes by without news of another vulnerability hitting an operating system, software, device, or service on the web. These reports have become part of everyone's online life and all users can do is stay informed and close security issues as soon as companies make available patches for them to do so.
While it is sometimes possible to mitigate vulnerabilities, often users are left with no other recourse but to wait for a company to release a patch. Sometimes, that patch is never produced.
CVE Details, calling itself the "ultimate security vulnerability datasource", has published its annually updated product vulnerability listing.
The list, which ranks products based by total number of distinct vulnerabilities, may come as a surprise to computer users who'd except all-time favorites such as Flash Player, Java or Windows to fight for the top spot.
In fact, it is Apple with its Mac Os X and iPhone OS that is taking up the top two spots of the ranking. The two top spots are followed by four Adobe products, namely Flash Player, Air SDK, Air SDK & Compiler, and AIR in the places three to six.
Then you find the three browsers Internet Explorer, Chrome and Firefox in the positions seven to nine, and another Microsoft product, Windows Server 2012 in the tenth spot.
You find other Windows versions, Safari, Ubuntu Linux and Android in the top 20 listing as well. If you are looking for Java, another product that is attacked regularly, you'll have to scroll down to position 29 and 30 where you find it listed as JRE and JDK separately.
Other products of note in the listing include Acrobat and Acrobat Reader, Linux flavors such as Debian and OpenSuse, and products such as Apple TV, MySQL or Wireshark near the end of the listing.
The company released a total number of vulnerabilities by vendor as well which Microsoft leads before Adobe and Apple.
Probably the main reason why Microsoft is up that high is that all of the company's operating system versions are listed separately in the ranking. It is likely that there is at least some cross-over between different Microsoft Windows versions. A quick check reveals that it is indeed the case. The same can probably be said for other products by the same company, e.g. Adobe or Apple.
The service takes the data from the National Vulnerability Database. The ranking does not reflect the severity of vulnerabilities.
If you compare it to 2014 top 50 listing, you will notice that things changed dramatically in a year. The top five products in that year were Internet Explorer, Mac Os X, Linux Kernel, Chrome and iPhone Os. Java was found in positions six and seven, and Flash Player ranked 11 in the listing.
Now You: Are you surprised about the ranking?