2013 most vulnerable systems & software: It's not just Internet Explorer


Summary: While unsurprisingly Microsoft's Internet Explorer and Java were very vulnerable, Google's Chrome operating system was listed as the third most vulnerable system in 2013.


To predict which security threats are likely to emerge in the coming year, we need to look back at the close of 2013.

What were the most vulnerable operating systems, apps and software operating last year?

According to a new GFI Labs report released on Monday, a number of high-severity vulnerabilities were found last year in the most popular applications and operating systems in use. Using figures from the National Vulnerability Database (NVD), the researchers found that, on average, 13 new vulnerabilities per day were reported in 2013, for a total of 4,794 security vulnerabilities: the highest number recorded in the last five years. Roughly a third of these vulnerabilities were classed as "high severity."


In terms of vendor, Oracle leads the pack with 514 security vulnerabilities reported, and Java alone accounted for 193 vulnerabilities, over 100 of them deemed "critical." Cisco comes in second with 373 reported security flaws, and Microsoft accounted for 344, 248 of which are considered critical. 


When it comes to browsers, Internet Explorer was extremely vulnerable in the same manner as Java -- but Google Chrome was the third most vulnerable piece of software in 2013, increasing its vulnerability rating by 43 points. Mozilla's Firefox, however, did rather well last year, bringing its number of vulnerabilities down to 149, 96 of which are critical. Critical flaws cause far more damage when exploited than medium or low-risk security flaws, but this is still a better record than Microsoft, Java or Chrome.


Operating systems, naturally, were not left out as targets for exploitation. There has been an overall increase in the number of security flaws discovered in all modern operating systems, although Microsoft takes the top spot: the number of vulnerabilities found in Windows 7 was greater by 58 records in 2013 than in 2012, as users transitioned from Windows XP. However, luckily for users, most of these security flaws are not critical.

The newest system, Windows 8, is a lucrative target for hackers, with the number of vulnerabilities found increasing from just five severe vulnerabilities in 2012 to 43 last year.



Topics: Security, Browser, Malware

  • Using the NVD can be tricky

    It's not well laid out, and I've found its Statistics option to be its most informative option: you can use that to generate graphs showing the vulnerability trends of individual products over the years. The website Cvedetails.com uses the NVD's raw data to present the same information in a much more intuitive, user-friendly way, including by weighted average. And if you go by weighted average, Google Chrome is pretty much in the middle of the top 50 software pack in terms of overall vulnerability, including being much less vulnerable than the two most vulnerable products on the list: Adobe Acrobat (hardly a surprise) and Microsoft Office (actually not so surprising once you think about it.)
  • Nobody's looking very good here...

    especially you fanbois of
    Dave S2
  • Green and red arrows confuse things

    A nice chart to see would be how quickly things are fixed
  • Sloppy, very sloppy....

    "Google's Chrome operating system" wasn't "listed as the third", Google Chrome browser was, in "Application" - come on! Is it too much to expect a tech writer to know the difference?!
  • only linux and ms?

    Why was BSD (unix) left out? I am very curious as to how the unix softwares hold up security wise. In case your reply is that unix is server software only and this article is about desktop/home operating systems then you forget there are a few desktop operating systems based on unix. Mac is one of them though much modified. But there are others like PCBSD that are BSD kernels and run both bsd and linux programs. As unix was originally developed with inter-computer communication (internet) in mind from the beginning, I would assume (though I may be wrong) that it would be a bit more secure. I have seen no comparisons like the above to indicate how well unix performs security wise in comparison to MS and Linux.
  • How is data gathered from NVD

    How is this data being taken from NVD?

    I'm trying to do something similar with finding the vulnerabilities on RHEL 5.11 but I'm having trouble figuring out which vulnerabilities are only associated to 5.11
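
The per-product counts in the article and the per-version question in the last comment both reduce to filtering NVD records by CPE and CVSS score. The following is an added example, not GFI's method and not part of the original page: it tallies constructed records shaped like NVD CVE API 2.0 JSON by vendor/product, optional version, and NVD's CVSS v2 bands. `examplecorp`, `exampleos`, `examplebrowser` and the CVE IDs are placeholders, and it assumes a naive numeric version compare and ignores AND/OR configuration logic.

```python
import re
from collections import Counter

def _m(criteria, vulnerable=True, **bounds):      # one cpeMatch entry
    return {"vulnerable": vulnerable, "criteria": criteria, **bounds}

def _rec(cve_id, score, *matches):                # one CVE record, CVSS v2 only
    return {"cve": {"id": cve_id,
                    "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": score}}]},
                    "configurations": [{"nodes": [{"cpeMatch": list(matches)}]}]}}

OS = "cpe:2.3:o:examplecorp:exampleos:%s:*:*:*:*:*:*:*"   # hypothetical product
# Constructed sample records; the IDs are placeholders, not real CVEs.
SAMPLE = [
    _rec("CVE-EXAMPLE-0001", 9.3, _m(OS % "*", versionStartIncluding="5.0", versionEndExcluding="5.12")),
    _rec("CVE-EXAMPLE-0002", 5.0, _m(OS % "5.11")),
    _rec("CVE-EXAMPLE-0003", 7.5, _m(OS % "*", versionEndIncluding="5.10")),
    _rec("CVE-EXAMPLE-0004", 2.1, _m(OS % "6.0")),
    _rec("CVE-EXAMPLE-0005", 10.0, _m("cpe:2.3:a:examplecorp:examplebrowser:*:*:*:*:*:*:*:*"),
         _m(OS % "*", vulnerable=False)),          # the OS is only the platform here
]

def cpe_fields(criteria):
    """Return (vendor, product, version) from a CPE 2.3 string."""
    parts = re.split(r"(?<!\\):", criteria)        # a ':' escaped as '\:' stays in its field
    return parts[3], parts[4], parts[5]

def ver(s):
    return tuple(int(x) for x in re.findall(r"\d+", s))   # naive: "5.11" -> (5, 11)

def affects(match, vendor, product, version=None):
    v, p, cpe_ver = cpe_fields(match["criteria"])
    if not match.get("vulnerable") or (v, p) != (vendor, product):
        return False
    if version is None:
        return True
    if cpe_ver != "*":                             # explicit version: exact match only
        return ver(cpe_ver) == ver(version)
    x, g = ver(version), match.get                 # wildcard: apply the range bounds
    return not ((g("versionStartIncluding") and x < ver(g("versionStartIncluding"))) or
                (g("versionStartExcluding") and x <= ver(g("versionStartExcluding"))) or
                (g("versionEndIncluding") and x > ver(g("versionEndIncluding"))) or
                (g("versionEndExcluding") and x >= ver(g("versionEndExcluding"))))

def tally(records, vendor, product, version=None):
    """Count affecting CVEs per CVSS v2 band (high 7.0-10.0, medium 4.0-6.9, low below 4.0)."""
    counts = Counter()
    for cve in (r["cve"] for r in records):
        ms = [m for c in cve.get("configurations", []) for n in c["nodes"] for m in n["cpeMatch"]]
        if any(affects(m, vendor, product, version) for m in ms):
            score = cve["metrics"]["cvssMetricV2"][0]["cvssData"]["baseScore"]
            counts["high" if score >= 7.0 else "medium" if score >= 4.0 else "low"] += 1
    return counts
```

A version-scoped tally is only as precise as the version data in each record: an entry that names the product with a wildcard version and no bounds counts against every release.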