Status
Not open for further replies.
S

sinu

During this year's Black Hat USA 2015 conference in Las Vegas, Secunia, a leading provider of IT security solutions, has released a report detailing security vulnerability trends for the first seven months of 2015.
Until July 31, Secunia researchers discovered a total of 9,225 vulnerabilities, which is down from the 9,560 similar threats discovered in the same period in 2014.

Worrisome is that more threats labeled as "extremely critical" and "highly critical" are being discovered, in a rise from 0.3% to 0.5%, and 11.1% to 12.7% respectively.

As for zero-day exploits, Secunia is reporting 15 so far, putting 2015 on pace for breaking the 25 total zero-days discovered in 2014.
The waves of OpenSSL vulnerabilities

While 2014 was considered the year of Heartbleed, Secunia has observed that OpenSSL vulnerabilities came in five big waves during the past two years.

While Heartbleed was the mother of all OpenSSL bugs, wave #2 came in at a close second with 800 products detected as vulnerable.

In 2015 things seem to have calmed down a bit, the last vulnerability wave, #5, being spotted in only around 100 products.
More vulnerabilities were found in iOS devices, compared to Android

On the mobile market, the Secunia team is reporting a total number of 80 vulnerabilities discovered in iOS, while only 10 were found in Android devices.

"The fact that fewer vulnerabilities are discovered in Android should under no circumstances be misinterpreted to imply that Android OS is more secure than iOS," said Kasper Lindgaard, Director of Research and Security at Secunia.

He explains this trend by the fact that Apple is in full control over its operating system and devices' hardware makeup, allowing it to discover and patch security problems much faster than Google. The latter works with multiple companies at the same time, which are not always doing their due diligence regarding user security.

This last trend will fortunately change from now on, today Samsung and Google announcing in separate cases that they plan to take the security patching into their own hands.
 

Razor555

New Member
Just goes to show that iOS sucks and its supposedly closed source code.
Most of these vulnerabilities, I believe that its created intentionally by crapple itself.
 

Vasudev

Level 30
Verified
How people can hack into a closed source OS like iOS bypassing all security checks without raising alarms to Apple. As Razor555 said, some exploits are created by Apple first hand to gain more control over what and how Apple products are used.
 

Spawn

Administrator
Verified
Staff member
Just goes to show that iOS sucks and its supposedly closed source code.
Most of these vulnerabilities, I believe that its created intentionally by crapple itself.
You may dislike Apple, but at least the patches are delivered. Google can provide for Nexus devices, but all other hardware devices have to wait on the manufacturer.
"The fact that fewer vulnerabilities are discovered in Android should under no circumstances be misinterpreted to imply that Android OS is more secure than iOS," said Kasper Lindgaard, Director of Research and Security at Secunia.
 

Razor555

New Member
You may dislike Apple, but at least the patches are delivered. Google can provide for Nexus devices, but all other hardware devices have to wait on the manufacturer.

Open source OS vs Closed source OS, and the open source OS does better than a supposedly HUGE company like Apple in security?
That should raise a red flag immediately about Apple's real intentions...

Edit: Android has been consistently much more secure than Apple's iOS. Apple has been much more prone to vulnerabilities for quite a few years already.
 
Last edited:
  • Like
Reactions: Oxygen
Status
Not open for further replies.
Top