Apple tops public vulnerability list

Apple was hit by the most publicly divulged security vulnerabilities in the first half of this year, according to a report from Trend Micro.

The security firm's biannual Threat Report showed Apple had nearly 180 entries on the Common Vulnerabilities and Exposures (CVE) list, which tracks publicly reported flaws.

Apple was followed closely by Microsoft, with Oracle, Adobe and Cisco rounding out the top five.

"While some vendors receive a significant amount of press attention for vulnerabilities... the vulnerability threat is far more multipronged than just patching Windows or updating Flash and Acrobat/Reader," the report said.

"In addition, some of the vendors with large numbers of vulnerabilities focus on enterprise software, with correspondingly longer patch cycles that potentially leave users at risk," it added.

Trend Micro also stressed that having a higher number of CVEs doesn't necessarily mean a vendor is less secure than others. For example, while Adobe ranked fourth in terms of number of public CVEs, one exploit called TROJ_PIDIEF that uses PDFs to target Acrobat software had 666 different detection names in the first half of this year.

"Each detection name represents multiple in-the-wild variants, resulting in a total number of new PDF threats numbering into the thousands – in only six months," the report said.

In total, 2552 such vulnerabilities were reported in the first half of the year, down from 3,086 in the first half of 2009. "However, it should be noted that this does not mean that the vulnerability threat is lessening," the report said. "Not all vulnerabilities receive a CVE; many vulnerabilities that are privately reported to vendors are not included in the system."

Apple hadn't returned request for comment at the time of writing.

This article originally appeared at pcpro.co.uk