Android beats Adobe Flash for most security flaws in 2016

Google's Android had the most vulnerabilities in 2016, ahead of Linux and Adobe Flash

Google's Android has topped a list of products with the most reported vulnerabilities in 2016, according to a recently published CVE database.

In a list of 2016's 50 most vulnerable products, compiled by CVE Details, Android OS was found to be by far the most exploited service of the year, with 523 known security flaws, followed by Debian Linux at 319.

Advertisement - Article continues below

Notably, the number of Android vulnerabilities was almost double that of Adobe Flash in fourth place, widely regarded as a bug prone and insecure platform for web content.

However, Adobe was the clear winner when vulnerabilities were ranked in terms of vendor, with 1,383 known bugs. Of the 10 products at the top of the list, four come from Adobe, namely Flash Player, Acrobat, Acrobat DC and Reader.

Microsoft was not far behind, in second place with overall vendor vulnerabilities at 1,325, covering services such as Windows 8.1, Windows 10, Microsoft Edge and Windows Server 2012.

The results are slightly skewed, as bug hunters are incentivised by Google to root out vulnerabilities for cash rewards, including $20,000 for exploits granting remote access to Google servers, which may account for the surprisingly high number of flaws.

A security flaw found in software running on Qualcomm chipsets in August 2016 was feared to have affected more than 900 million devices, including the HTC One and US versions of the Samsung Galaxy S7.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In October last year, Google released fixes for a staggering 78 vulnerabilities, including a serious privilege escalation bug, initially discovered in Linux OS but proved to have been inherited by Android, allowing for hackers to bypass security and gain root level access to devices.

Google Chrome was found to have the greatest number of vulnerabilities at 172, followed by Microsoft's Edge at 135 and Mozilla's Firefox with 133. Safari is the most secure browser according to the CVE figures, at just 56 vulnerabilities in 2016.

Apple's iPhone OS, Watch OS and Apple TV also made it onto the top 50 list, but collectively made up only 340 vulnerabilities. Microsoft Office ranked at the bottom of the list, with just 48 security flaws.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/operating-systems/28288/how-to-factory-reset-windows-10
operating systems

How to factory reset Windows 10

4 Mar 2020
Visit/operating-systems/23119/windows-10-release-date-features-devices-and-free-upgrade-microsoft-issues
operating systems

Windows PowerToys customisation project returns

10 May 2019
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020
Visit/operating-systems/microsoft-windows/355247/make-windows-boot-faster
Microsoft Windows

Make Windows boot faster

9 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/software/video-conferencing/355257/taiwan-first-country-to-ban-zoom-amid-security-concerns
video conferencing

Taiwan becomes first country to ban Zoom amid security concerns

8 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020