The Apple iPhone is decorated and revered in the smartphone industry as one of the safest devices around. Thanks to its closed-off ecosystem, its record for malware and intrusion is unparalleled, with Google’s Android soaking up the vast majority of the negative press in this area. However, it is this strictly-moderated infrastructure, allied to continued popularity, which makes the iPhone a lucrative target to criminals, and according to a latest research from SourceFire, the number of vulnerabilities discovered on iPhone over the years far outweigh the combined number found within Windows Phone, Android, and BlackBerry.
Compiled in a study and published earlier this month entitled "25 Years of Vulnerabilities", which looked at vulnerabilities from the Common Vulnerabilities and Exposures (CVE) data and National Vulnerability Database (NVD). Having collated all the data, it was discovered that the overwhelming majority of vulnerabilities were specific to the Apple iPhone.
The 220 vulnerabilities equate to a total of 81 percent of the smartphone vulnerability market share – not a particularly coveted feat by any stretch of the imagination. As you can see from the chart, that number is more than four times higher than the collective number of Android, Windows Phone and BlackBerry-based smartphones combined, which accounted for a comparatively meager 19 percent.
Speaking to ZDNet Asia, SourceFire’s Yves Younan described the findings as "surprising", especially considering how much emphasis Apple places on improving security with each new version. His explanation as to why the iPhone appears disproportionately more vulnerable than its counterparts, points to iOS’s closed-source nature. Whereas Android is open source and thus a relatively soft target for malicious apps, iOS is so safe that, once a cyber criminal does manage to infiltrate the inner circle, the potential rewards are much greater.
The report also noted that the total number of vulnerabilities with a "high severity" rating continued increasing up until 2007, when it hit a peak of 3,159. Since that point, it has fallen down to a low of 1,760, although with an increase one again, it would seem vulnerabilities aren’t going anywhere.
Certainly a very intriguing tidbit of news, and it just goes to show that, despite Android commanding the lion’s share of bad press when it comes to malware, all vendors and software makers need to be on red alert in order to protect the consumer.