We've read about various vulnerabilities and security issues related to Apple and the software they push out before, and yesterday Ars Technica reported that Apple has become the new world leader in software insecurity. While it's mentioned that OS X itself isn't the most insecure in practice, the various pieces of software you use like iTunes, Quicktime, and Safari, all display gaping security flaws that aren't being addressed.
To illustrate this point, the report includes cumulative figures for the number of vulnerabilities found on a Windows PC with the 50 most widely-used programs. Five years ago, there were more first-party flaws (in Windows and Microsoft's other software) than third-party. Since about 2007, the balance shifted towards third-party programs. This year, third-party flaws are predicted to outnumber first-party flaws by two-to-one.
There is a valid point to be made: yes, third party software can introduce vulnerabilities to the OS. But what bothers me about the article is two things. The first is that while Apple is known to have plentiful vulnerabilities in their software that should be fixed (quicktime vulnerabilities have been complained about for years now), it's never addressed how these vulnerabilities affect OS X -- Windows is mentioned as the only OS affected by Apple's software. The second issue I have: it's not mentioned specifically what vulnerabilities are being exposed and what ill-effects are had on the user. It seems unlike Ars Technica to throw out an article like this without further explaining potential risks for users. Instead, it's mentioned that third party software is harder to update and Microsoft does a better job of applying patches.
[via Ars Technica]