New Linux Vulnerabilities Surge 967% in a Year


The number of newly discovered Linux and macOS vulnerabilities increased dramatically in 2024, according to new analysis from Action1.

The cybersecurity vendor’s 2025 Software Vulnerability Ratings Report is based on in-depth analysis of the National Vulnerability Database (NVD) and SecurityScorecard’s CVEdetails.com site.

By its reckoning, the total number of vulnerabilities discovered in 2024 rose by 61% annually to 6761, with Linux bugs increasing by an “unprecedented” 967% to 3329 for the year. Vulnerabilities in the macOS platform also recorded a significant annual surge, of 95%, to reach 508 in total.

Both UNIX-based ecosystems have traditionally been considered among the safer platforms.

The report also warned of a dramatic 96% increase in exploited vulnerabilities from 101 in 2023 to 198 in 2024.

Web browsers and Microsoft Office appear to have driven the latter trend.

Google Chrome recorded a 1840% increase in exploited vulnerabilities, from 5 to 97, while the figure for Office was a 433% increase to 32.

Other noteworthy findings include:

  • A 37% annual increase in critical vulnerabilities to 2930 in 2024. Operating systems such as Linux (499 to 851 critical vulnerabilities) and databases such as MSSQL (606%, to 120) were among the biggest contributors to this rise
  • The number of newly discovered vulnerabilities in databases increased 213% year-on-year (YoY), while those rated critical surged 505% YoY, driven by MSSQL (606%) and MySQL (100%)
  • The number of newly exploited CVEs in web browsers grew 657% YoY, including a 107% rise in remote code execution (RCE) vulnerabilities
  • The number of RCE vulnerabilities increased modestly by 7% to 537

“The consistent year-over-year rise, particularly in critical and exploited vulnerabilities, reinforces the escalating cybersecurity risks facing organizations,” the report noted. “To mitigate these risks, enterprises must adopt robust patching processes, enhance threat detection capabilities, conduct thorough vendor and supply chain risk assessments, and continuously improve their security policies and practices.”

However, there was one bright spot: a decrease in RCE vulnerabilities for Linux (-85% YoY) and macOS (-44%).

Key Steps to Mitigate CVE Risks

Action1 recommended organizations improve their security posture by:

  • Prioritizing timely patch deployment for critical systems (e.g. operating systems, web browsers and mobile platforms) and for those most exposed to RCE bugs (e.g. desktop operating systems and databases)
  • Improving employee education about the risks associated with common applications
  • Ensuring comprehensive vulnerability management across all software
  • Conducting thorough risk assessments when selecting any third-party software
  • Deploying continuous threat detection tools to maintain resilience
