Exploited macOS vulnerabilities increase by 30 percent
macOS and iOS have shown an increased exploitation rate of seven percent and eight percent, respectively. Although macOS reduced its total vulnerabilities by 29 percent from 2023 to 2022, exploited vulnerabilities have increased by over 30 percent.
This is among the findings of the Software Vulnerability Ratings Report from Action1 Corporation, which offers insights into vulnerability trends within commonly used enterprise software categories, focusing on exploitation rate and Remote Code Execution (RCE) vulnerabilities.
"With the NVD's delay in associating Common Vulnerabilities and Exposures (CVE) identifiers with CPE (Common Platform Enumeration) data, our report comes at a critical moment, providing much-needed insights into the ever-evolving vulnerability landscape for enterprise software," says Mike Walters, president and co-founder of Action1. "Our goal is to arm key decision makers with essential knowledge so that they can prioritize their efforts in vulnerability monitoring using alternative approaches while the traditional reliance on NVDs is challenged. In light of the NVD crisis, the cybersecurity community needs to share information and build stronger relationships amongst private cybersecurity firms, academic institutions, and other threat intelligence platforms to facilitate holistic and timely data sharing so that all organizations can enhance their security posture."
Researchers also discovered a high exploitation rate for NGINX (100 percent) and Citrix (57 percent). Vulnerabilities in these load balancers pose significant risks, as just one exploit can provide attackers with broad access or disruption capabilities against targeted networks.
The report finds increased exploitability of MS Office too as attackers seek to take advantage of human error. MS Office's critical vulnerabilities account for nearly 80 percent of the overall annual vulnerability count, up to 50 percent being RCEs. In 2023, Microsoft saw its exploitation rate rise to seven percent, compared to two percent in 2022.
You can download the full report from the Action1 site.