But everyone here is already thinking about the string of recent macOS vulnerabilities. Even just in the past few months Apple has been hit by a bunch of fairly major vulnerabilities while Windows hasn't been in the news for a while. What bugs me though is that a theres a handful of the Apple vulnerabilities that weren't caused by an implementation error, it was from a flawed design.
In particular the most notable example of this would be the API used by system preferences that would let any user create arbitrary files with arbitrary permissions owned as root. Obviously the first choice with that is to create a setUID binary but even if the permissions weren't user provided this should be something that should jump out during the design process as a bad idea.
As for a comparison of just recent newsworthy macOS vulnerabilities compared to Windows I'll just cite Hacker News as far smarter people than I have commented on this subject to death.
I just used the following query and only looked at the links on the first page.
The macOS results span the last 3 months, the Windows results span the last 8 years. Mac sales only provide about 8% of Apple's revenue which is overwhelmingly dominated by iPhone sales and app store revenue. macOS has become the red headed step child and it's really starting to show.
https://www.cvedetails.com/product/156/Apple-Mac-Os-X.html?v...
https://www.cvedetails.com/product/32238/Microsoft-Windows-1...
https://www.cvedetails.com/product/17153/Microsoft-Windows-7...
But everyone here is already thinking about the string of recent macOS vulnerabilities. Even just in the past few months Apple has been hit by a bunch of fairly major vulnerabilities while Windows hasn't been in the news for a while. What bugs me though is that a theres a handful of the Apple vulnerabilities that weren't caused by an implementation error, it was from a flawed design.
In particular the most notable example of this would be the API used by system preferences that would let any user create arbitrary files with arbitrary permissions owned as root. Obviously the first choice with that is to create a setUID binary but even if the permissions weren't user provided this should be something that should jump out during the design process as a bad idea.
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-...
As for a comparison of just recent newsworthy macOS vulnerabilities compared to Windows I'll just cite Hacker News as far smarter people than I have commented on this subject to death.
I just used the following query and only looked at the links on the first page.
https://www.google.com/search?q=site%3Anews.ycombinator.com+...
https://www.google.com/search?q=site%3Anews.ycombinator.com+...
macOS total karma 2345
https://news.ycombinator.com/item?id=15410953
https://news.ycombinator.com/item?id=15807913
https://news.ycombinator.com/item?id=15828767
https://news.ycombinator.com/item?id=15864637
https://news.ycombinator.com/item?id=15804726
https://news.ycombinator.com/item?id=16043578
Windows total karma 304
https://news.ycombinator.com/item?id=815265
https://news.ycombinator.com/item?id=2758554
https://news.ycombinator.com/item?id=10889728
https://news.ycombinator.com/item?id=13577709
The macOS results span the last 3 months, the Windows results span the last 8 years. Mac sales only provide about 8% of Apple's revenue which is overwhelmingly dominated by iPhone sales and app store revenue. macOS has become the red headed step child and it's really starting to show.