Google, Fedora Project, and Microsoft products had the most vulnerabilities in 2022
In today's world, where technology is embedded in every aspect of our lives, it is essential to understand the risks of using different software and devices. Many programs have significant vulnerabilities that cybercriminals could exploit to steal personal information or launch attacks.
According to the data presented by the Atlas VPN team, Google, Fedora Project, and Microsoft products had the most vulnerabilities in 2022. Looking at specific products, security researchers found the most vulnerabilities in the Fedora, Android, and Windows operating systems.
The statistics are based on the CVE Details security vulnerability database, which has records of vulnerabilities since 1999. The CVE database provides a comprehensive list of known vulnerabilities in various software products and systems, along with their severity ratings and other relevant details.
More vulnerabilities in a product do not necessarily mean it is less secure. Popular and open-source products tend to have more reported vulnerabilities because a larger number of users are discovering them. The severity of vulnerabilities is determined by the CVSS score, which will be explained later in the article.
Google products had 1372 vulnerabilities in 2022, the most of all vendors. The Android operating system had 897 vulnerabilities, the most of all Google products. In addition, security researchers found 283 vulnerabilities in the Chrome browser, but it did not make our top 10 list of products.
The Fedora Project was the second vendor with 945 discovered vulnerabilities. Its product Fedora Linux had 944 vulnerabilities, the most of all products. The significant number of vulnerabilities could be attributed to Fedora being an open-source project that over 2000 contributors have been helping to develop.
Security researchers discovered 939 vulnerabilities in Microsoft products in 2022. Various Windows operating systems dominate the product list. Windows 10 and 11 each had over 500 vulnerabilities, while across Windows Server OS versions from 2012 to 2022, the number of vulnerabilities ranged from 414 to 553.
Debian products had 887 vulnerabilities, and Debian's Linux OS had 884 of them, taking 3rd place among all products. Researchers found 529 vulnerabilities in Oracle products. Furthermore, Apple had 456 vulnerabilities in its products, one of which, macOS, had 379 vulnerabilities in 2022.
Severity of vulnerabilities
The Common Vulnerability Scoring System (CVSS) assesses the severity of vulnerabilities in computer systems and networks. It assigns them a numerical score based on a set of criteria such as exploitability, impact, and complexity. The score ranges from 0 to 10, with 10 representing the most critical and severe vulnerabilities.
Over a fifth (23%) of vulnerabilities found in Microsoft products are rated 9+. In addition, 20% of vulnerabilities are given a score of 7-8. Such high ratings mean that the vulnerabilities discovered in Microsoft products could be exploited more commonly and do the most damage to the victim’s device.
Apple product vulnerabilities with a score of 9+ account for 17% of the total. In addition, 26% of vulnerabilities are rated 6-7. Vulnerabilities that were scored 4-5 make up 19% of the total. Only 5% of vulnerabilities were rated the least exploitable.
Google occupies the third spot on the list for severe vulnerabilities rated 9+. They constitute 14% of all its vulnerabilities. Those given a score of 7-8 make up 16%, while about a quarter (24%) of Google’s vulnerabilities are rated 4-5. Also, Google has 11% of vulnerabilities rated 0-1, the largest percentage of the four vendors analyzed in the chart.
Only 2% of vulnerabilities in the Fedora Project are scored as the most severe, while those rated 6-7 make up 21% of the total. The largest share, 28% of vulnerabilities, is rated 4-5. Furthermore, vulnerabilities given a score of 0-1 account for 10%.
As the reliance on technology continues to increase, so does the threat of cyberattacks. Individuals and organizations must remain vigilant about updating their software and taking proactive steps to protect against cyber threats.