Operating system vulnerabilities

We went through the top 20 operating systems by number of known vulnerabilities and the results may surprise you.

It’s a common misconception that Linux distribution are more secure than Windows but in the grand scheme of things, that’s not necessarily true.

From most vulnerable to least vulnerable, we look at the top 20 operating systems in the market that are used in commercial settings.

  1. Debian
  2. Android
  3. Ubuntu
  4. Fedora
  5. OSX
  6. Windows 10
  7. IOS
  8. Windows Server 2016
  9. Windows Server 2012
  10. Windows Server 2019


Debian Operating system vulnerabilities

The grass roots operating system that is the basis of the most used Linux distribution on the market, Debian is the core distribution for the following distros:

MX Linux

Linux Mint

Ubuntu

Deepin

AntiX

PureOS

Kali Linux

Parrot OS

Devuan

Knoppix

AV Linux

It’s clearly a solid choice for building on top of with popular distributions such as Ubuntu and even the pen testing distro Kali taking its core from Debian.

Yet Debian has the most vulnerabilities that are known out of any operating system on the market.

Coming in first with 6,566 known vulnerabilities there is plenty of room for exploitation here.

274 vulnerabilities are marked as 9 or above on the common vulnerability scoring system which puts them at a critical rating


Android operating system vulnerabilities

One of only two mobile operating systems on our list, Android is the work of Google and provided with a large amount of smart phones to power them.

The Android operating system is built using the Linux Kernel with a modified set of tools on top including a modified C library called Bionic libc as opposed to the GNU libc found with desktop and server based Linux distributions.

The reason for the use of different libraries and modules is due to licensing where if they used the standard C library and the standard set of GNU tools, they would have to release the entire source code but using their proprietary versions of them, they have more control.

Android comes in second with 4,373 known vulnerabilities


Ubuntu operating system vulnerabilities

Mentioned earlier under the Debian based distribution, Ubuntu is the most used flavour of Linux on desktop environments. Renowned throughout the Linux community as one of the best distributions on the market, Ubuntu has come a long way since its inception in the early 2000’s.

Canonical are the team that maintain and support Ubuntu and are one of the small number of commercial offerings available on the market alongside Red Hat, Suse and a handful of others.

Ubuntu is available in multiple flavours of its own including a KDE version and the standard Gnome version. There is also a lightweight version of Ubuntu that is designed to run on older hardware.

Certainly worth a look at as the popularity of it is increasing over time but with 3,390 known vulnerabilities to date, it’s worth understanding the risk of using Ubuntu in your commercial environments.


Fedora

Based on Red Hat Linux where it was forked in 2004, Fedora is sponsored by the Red Hat team and is used as a testing ground for future Red Hat releases. The distribution is maintained by some of the Red Hat team alongside a group of community developers.

Used by over a million users worldwide, Fedora is a popular desktop Linux that comes as standard with the Gnome desktop environment but is also available in other versions. There are offerings for desktop, server and IoT versions.

With 3,361 known vulnerabilities, it’s still relatively vulnerable in comparison to our lowest scorer on this list.


OSX

Not many people know this but Max Os X was originally derived from Darwin which is a BSD operating system. It complies to Possix and is Unix based. Forked in the early 2000’s and built upon by the Apple team. It’s basically the FreeBSD kernel with proprietary software on top.

This is why Unix commands are the way to work on Mac when working in the Terminal and why lots of Unix software also runs on Mac.

Text editors such as Vi and Emacs come as standard and the shell is a Unix type shell.

Still not the least vulnerable operating system on our list though, Mac Os X comes in with 3,016 known vulnerabilities.


Windows 10

Everyone likes to slate Microsoft for its operating systems. The restrictive environments that we find in there, the amount of malware, virus’s and ransomware designed to target the Windows machines. Also the exuberant prices charged by Microsoft for the use of their proprietary software. It doesn’t look good on paper but it still remains the number one used operating system in a desktop environment.

With 2,766 known vulnerabilities in the Windows 10 operating system, it’s needless to say that bad actors will still be targeting the Windows machines for a long time to come.

The reason we hear about so many hacks involving Windows though is not because it’s the most vulnerable operating system on the market. It’s because it’s the most used operating system on the desktop.


IOS

The second listing for a mobile operating system on the list. Iphone OS comes in 7th with its range of vulnerabilities that have been used in high profile hacks.

Israeli security tools producer, Pegasus, rose to fame with their software for breaking into Iphones of Government workers. They did this remotely due to exploits discovered in the operating system.

Only selling to Governments, it enables them to eavesdrop on anyone using an Iphone due to certain vulnerabilities in it’s code.

With 2,677 known vulnerabilities to date, the Iphone is an easy target for bad actors to break in and get what they want.

You only need to read the news to see this.


Windows Server 2016

With a majority of people moving to the cloud, it’s not often that people purchase on-premise servers in the commercial world now. When it comes to Government, banking and education, a lot of these institutions are still running on prem servers.

Windows Server 2016 is part of a product base from Microsoft that is proprietary and close source meaning that all of the code base is maintained and developed by Microsoft employees.

This can present a problem when eradicating vulnerabilities due to the slow process of things getting fixed.

Server 2016 has 2,548 known vulnerabilities that are ready to be exploited.


Windows Server 2012

As above but with less known vulnerabilities. Seems like we’ve gone backward when it comes to security on this one at the expense of functionality.

Server 2012 has 2,109 known vulnerabilities.


Windows Server 2019

A little less vulnerable than its predecessors, Server 2019 is designed for more cloud environments than on premise. Known to be more secure.

With 1,998 known vulnerabilities, if you want to go with Microsoft, this is the server you should be using.

Summary

In part 1 of the most vulnerable operating systems, we’ve managed to get through some of the most widely used operating systems on the planet.

I would bet that they are a lot more vulnerable than you thought. The misconception that Linux is more secure than Windows is evident.

In part 2, we will look at more secure operating systems. A few on there that you’ve probably heard of but never used.

A clue is that the internet is run on a lot of the upcoming operating systems on the lists.

Reducing your attack surface and monitoring for vulnerabilities will help you to prevent attacks