Third party apps sour Apple's security credentials

More flaws were found in Apple's software than any other vendor over the first six months of 2010, according to vulnerability researchers at Secunia.

The report [PDF] found that Apple beat long term leader Oracle and steady third placed Microsoft for the top spot on the vulnerabilities list. However, the report found that while the top 10 companies were targeted, they accounted for barely a third of all vulnerabilities, with third party applications causing a doubling of vulnerabilities on the average user PC last year.

The increase in the amount of third party application has fueled a big rise in the number of vulnerabilities the average user has to deal with the report found.

“This analysis clearly identifies vulnerabilities from third party programs to be almost exclusively responsible for the increasing trend observed since 2007,” the report states.

“Data from the first half of 2010 shows that third party program vulnerabilities are the primary risk factor for typical end-user PCs.

The average number of vulnerabilities has risen from 220 in 2007 to around 420 by 2009. In the first half of the year this had already risen to 380 and Secunia predicts it will rise to around 760 for the year.

Overall the company's research from 2005 finds that the general level of vulnerabilities in any new code hasn't changed much, suggesting that companies have got as far as they can bug testing first generation software. The increase in 3rd party applications is demonstrated in the increased threat profile.

“At a large scale the security ecosystem appears to be in a state of equilibrium, at the current rate of common vulnerabilities and exposures supporting that generally software vendors are still unable to release vulnerability free software,” the report concludes.