Apple products’ vulnerabilities surge by over 450%

William S. | April 12, 2022

To maximize their financial opportunities, cybercriminals are continuously striving to exploit vulnerabilities that affect as many individuals as possible. Consumers who fail to install the most recent software update may become ideal targets for hackers.

According to the findings by the Atlas VPN team, Apple product’s vulnerabilities surged by 467% in 2021 H2. Furthermore, Google and Microsoft products accumulated the most vulnerabilities in the second half of 2021.

The data is based on the Telefonica Tech Cybersecurity report 2021 H2. The analysis covers mobile security, vulnerabilities, privacy, and cyber risks in today’s landscape.

Google accumulated 511 vulnerabilities in the second half of 2021. Despite the slight decrease from the first half, Google remains in the top position. Google products such as the Android operating system and Chrome browser are used by billions of people worldwide. Cybercriminals exploit vulnerabilities in such products so that more users would be affected.

Microsoft products were second in terms of vulnerabilities with 428. Most of the vulnerabilities are found in Windows OS versions, Office tools, and the Microsoft Edge browser. In addition, hackers used exploits in the Microsoft Exchange Server to carry out ransomware attacks against the US businesses at the start of the year.

Apple software vulnerabilities surged by 467% in H2 2021 to 380 exploits. Cybercriminals find the most exploits on Safari browser and operating systems on various Apple products. Due to all Apple software being interchangeable and connected, one found vulnerability can usually affect all devices.

Oracle products accumulated 258 vulnerabilities in the second half of 2021. Attackers can use exploits found in the Oracle WebLogic Server to get remote access to a system. At the same time, the Chinese telecommunications equipment company Huawei gathered 201 vulnerabilities, almost an 814% increase compared to H1.

Vulnerability levels

The vulnerability risk level depends on the complexity of the attack, attack vector, user interaction, and many other things. Exploits that are simple to perform and can do the most harm to the victims are rated higher on the risk level.

National Vulnerability Database (NVD) evaluated 1,079 vulnerabilities with a risk level of 10 in the second half of 2021. One of such exploits, CVE-2021-34473, is rated 9.8 and affects Microsoft Exchange Server. The flaw allows the attacker to run the remote execution code to compromise system integrity and gain access.

NVD issued risk level 9 to 1,173 vulnerabilities. An exploit, CVE-2021-30858, rated 8.8, targets iPhones and iPads with the 14.8 iOS version and Macs with macOS Big Sur 11.6. The vulnerability allows the threat actor to execute an arbitrary code, enabling the installation of malware or other actions on a vulnerable Apple device.

Risk level 8 vulnerabilities were the most common, with 2,582 recorded flaws. Following up, NVD evaluated 693 vulnerabilities at risk level 7. While risk level 6 exploits accounted for 2,102 vulnerabilities. Exploits with a lower score are usually not as dangerous and require more skills from the attacker to perform.

The most harmful vulnerability from 2021 was CVE-2021-44228, better known as the Apache Log4j vulnerability. The Log4j vulnerability affects hundreds of millions of devices. If successfully exploited on one of the servers, it permits the attacker to run an arbitrary code and gain uncontrolled access to the whole system.

Products owned by tech giants such as Apple or Google are used by billions of people worldwide. In Q1 2021, we discovered that 60% of Android apps contain security vulnerabilities. So, users must be careful when choosing which apps or programs to install.

That makes billions of users vulnerable to exploits found by cybercriminals. To stay away from such threats and keep your devices safe, people should always update their software to the latest version.