This month, Apple published seven security updates resolving around 250 issues. The last patch is arrived yesterday; it addressed Mac OS X 10.6.7.
Adding the CVE IDs (for Common Vulnerabilities and Exposures) listed in each patch does not give us accurate view of the number of vulnerabilities involved. Several appear in more than one patch: For example, CVE-2011-0191 and CVE-2011-0192 are listed in five patches (Apple TV 4.2, iOS 4.3, iTunes 10.2, Mac OS X v10.6.7/Security Update 2011-001, and Safari 5.0.4).
After eliminating multiple entries, we discover that the 256 March issues are linked to 123 CVE references. Taking a look at 2010, we see 468 CVE covering the whole year. And I have not forgotten the one in January 2011.
CVE-2006-7243 is the oldest vulnerability covered by the 2011 patches. All others are from 2010 and 2011. Here’s what we’ve seen in the last 15 months:
- 1 CVE from 2003 (CVE-2003-0063)
- 2 CVE from 2006 (1 in Q1 2011)
- 11 CVE from 2008
- 68 CVE from 2009
- 428 CVE from 2010 (41 in Q1 2011)
- 82 CVE from 2011 (all covered in 2011)
Is it possible to make a comparison between Apple and Microsoft?
During the same period (from January 2010 to March 2011), Microsoft published 123 security bulletins and patched 298 software flaws (CVE).
We can quickly compare by the level of criticality. On the Apple side for 2011, only one vulnerability has a low rating. All the others (123) were named as critical (by Vupen) or highly critical (by Secunia). On the Microsoft side one vulnerability was labeled moderate, 20 important, and eight critical.
Thus in the last 15 months Apple has corrected twice the number of flaws as Microsoft.
Related Posts
- Firefox 4 gets its first security update
Yesterday, five weeks after shipping Firefox 4, the Mozilla project published the new browser's first-ever security update. The Firefox version number bumps up to 4.0.1.The update fixes 50-odd bugs in... - Free anti-virus for Mac named Best Anti-Malware solution at SC Awards
Who would have thought it? A free anti-virus program for Apple Macs being named best anti-malware solution ahead of those security products for boring old Windows.Well, that's exactly what happened at... - Actually, iPhone sends your location to Apple twice a day
Forensic researcher Alex Levinson has discovered a way to map out where an iPhone has been. The information comes from a location cache file found on an iPhone (Library/Caches/locationd/consolidated.d... - Your iPhone keeps an unencrypted record of your movements
If you are are owner of an iPhone or a 3G iPad, you'll probably want to know that your location - along with a timestamp - is at all times recorded by the device and stored into a file called "consoli... - Apple iTunes page infected
On that whole SQL injection thing, here’s an interesting one I found while stumbling around researching today.
Hmm…What’s that all about? Any more pages like this? Let’s see!
Well, yeah. There... - Busy Patchday: Updates for almost everything
Today seems to be administrators nightmare day: Not only Microsoft released the announced updates on the regular Patch Tuesday, but also Adobe for Reader and Flash Player and Google for the Chrome web... - Busy patch tuesday ahead, (Fri, Feb 4th)
Come Tuesday, Adobe is apparently planning to issue critical updatesfor Adobe Reader. Microsoft's advance notification indicatesthat we'll be getting a plethora of patches, most prominently a critical... - DA: 27 used others’ credit cards at Apple stores (AP)
AP - A crafty crime ring honed a very 21st-century scheme, authorities say: gleaning stolen credit-card numbers online from data thieves, deploying the numbers for a million-dollar, cross-country Appl... - Hacktivism, Apple App Store, Vodafone and Facebook – 90 Sec News – Jan 2011
Don't just read the latest computer security news - watch it in 90 seconds!
The lessons this month: "Anonymous" hacktivists aren't as anonymous as they might have hoped, applications in Apple's bran... - NY document: ID theft ring targets Apple stores (AP)
AP - Dozens of people have been charged with forming a prolific identity theft ring that used thousands of stolen credit card numbers to shop at Apple stores around the country, according to a court ...
Posted on 24 March 2011. Tags: Apple, Busy, Month
The above information is reprinted from and copyrighted © by McAfee.
