The Common Vulnerabilities and Exposures (CVE) have publicly announced the list of “Top 50 Products by the Total Number of Distinct Vulnerabilities in 2016”. Android has officially been unveiled as the most vulnerable operating system in 2016. On the other hand, Adobe has been declared as the most vulnerable vendor.
Android: Nowhere in 2014, 26th in 2015 & Topper in 2016
Android Operating System led the list of as they encountered 523 vulnerabilities in 2016. As far as their ranking in 2015 was concerned, they were positioned at No. 26 with only 125 vulnerabilities. To everyone’s surprise, Android did not even make the list of top 50 products in 2014.
Another point of concern is that there is a massive difference in the number of vulnerabilities between Android and Debian Linux (2nd Position). The numbers of vulnerabilities in Android are 523 in comparison to Debian Linux’s 319. There is a whopping difference of 204 between two operating systems.
One of the key competitors of Android, iPhone OS recorded 161 susceptibilities in 2016. They are ranked at No. 15. In 2014, iPhone OS secured 7th position with 122 vulnerabilities while next year they were ranked No. 2 with 387 liabilities. It can be observed that iPhone OS has improved since last year while Android has suffered some compromises in its operating system.
Some of the Android vulnerability types are as following:
1- Denial of service
2- Bypass something
3- Execute code
4- Memory corruption
5- Gain information
6- Gain privilege
8- SQL injection
Adobe Topples Microsoft as the Vulnerable Vendor
Adobe has been ranked No. 1 in terms of vulnerable vendor as it edged out Microsoft by a relatively small margin. Some of the key factors which helped Adobe in becoming the most vulnerable vendor were Flash Player, Acrobat Reader, Air SDK and various other products.
Microsoft managed to grab the 2nd position with 1325 liabilities in comparison to Adobe’s 1383 weaknesses. Some of the vulnerabilities in Microsoft were found in Windows 10, 8.1, 7 and Vista, Internet Explorer, MS Office and few others. Google and Apple were positioned 3rd and 4th respectively.
CVE is operated by MITRE Corporation. It provides data, information and numbers of publicly known vulnerabilities in cyber security. Since 2002, it has released a list every year. In terms of most vulnerable OS so far, Mac has topped the list while Microsoft is named the most vulnerable vendor.