Apple is Now Number One -- In Software Vulnerabilities

Last Updated Aug 2, 2010 9:56 PM EDT

Recently Apple (AAPL) made headlines when it passed Microsoft (MSFT) as the number one tech company in terms of market cap. But the company also earned a less attractive honor, when security company Secunia reported that Apple is now number one in terms of software vulnerabilities.

Apple overtook Oracle (ORCL), which had held the number one spot for the last four years. Microsoft ranks at number three, followed by HP (HPQ) and Adobe (ADBE). The report highlights the risk and reward inherent in the growth of third-party software.

Most of the security flaws were found not in Apple's operating system but in its software, namely Safari, QuickTime and iTunes. As Peter Bright notes over at Ars Technica:

"Five years ago, there were more first-party flaws (in Windows and Microsoft's other software) than third-party. Since about 2007, the balance shifted towards third-party programs. This year, third-party flaws are predicted to outnumber first-party flaws by two-to-one."

To some degree, the high number of vulnerabilities in Apple's software is just a reflection of its status as a successful company. As computer security veteran Roger Grimes writes, "Find me any software product that is the most popular product in its category, and I can assure you it is more successfully exploited than its next popular counterpart. I can't think of an exception."

That would help to explain why third-party software like iTunes, which has become the default music player for tens of millions of consumers, would contribute to Apple's status as a leader in insecurity. But it doesn't explain why Apple's Safari web browser, which holds fourth place among web browsers, would rank as number two on Secunia's list of third-party software with the most vulnerabilities.

Another possible answer is an embarrassing one for Apple: the persistent notion that its products are safer than their PC counterparts. The result may be a less aggressive approach to pushing fixes, called patches, to its end users.

As Preston Gralla wrote over at Computerworld, "Apple doesn't patch fast enough and doesn't admit the truth about potential security issues, among other problems. Part of that may be a result of the myth that Macs are invulnerable to infections and hacks. Part of it may be that Apple uses that myth in its marketing. For whatever reason, though, Apple still doesn't take security seriously."

Maybe its new status as the industry leader in insecurity will finally jolt Apple into action.

Image from Flickr User Don Hankin

  • Ben Popper

    Ben Popper writes at the intersection of culture and technology. His work has been published in the NY Times, Washington Post, Fast Company, Rolling Stone, The Atlantic and many others. He lives at