Introduction
In 2024 [1] [2] [3], there was a significant surge in newly discovered vulnerabilities across Linux and macOS systems, highlighting an increased focus from attackers on UNIX-based platforms. This trend underscores the growing cybersecurity risks and the urgent need for organizations to enhance their cybersecurity strategies.
Description
In 2024 [1] [2] [3], the number of newly discovered vulnerabilities in Linux and macOS surged significantly [1], with an overall increase of 61% to 6,761 vulnerabilities [1]. Linux vulnerabilities saw an unprecedented rise of 967% [1], reaching 3,329 [1], while macOS vulnerabilities increased by 95% to 508 [1] [2], reflecting a heightened focus from attackers on UNIX-based systems [2]. The report highlighted a dramatic 96% increase in exploited vulnerabilities [1], from 101 in 2023 to 198 in 2024 [1], driven largely by web browsers and Microsoft Office applications [1] [2], indicating a significant escalation in threat actor activity [2]. Notably, Google Chrome experienced an astonishing 1,840% increase in exploited vulnerabilities [1], rising from 5 to 97 [1], while Microsoft Office saw a 433% increase to 32 [1].
Additionally, there was a 37% annual increase in critical vulnerabilities [1], totaling 2,930 in 2024 [1], with significant contributions from Linux [1], which rose from 499 to 851 critical vulnerabilities [1], and databases like MSSQL [1], which surged by 606% to 120 [1]. Overall, newly discovered vulnerabilities in databases increased by 213% year-on-year [1], with critical vulnerabilities rising by 505% [1] [2] [3]. Web browsers also experienced a substantial 657% increase in newly exploited CVEs, including a 107% rise in remote code execution (RCE) vulnerabilities [1]. RCE vulnerabilities increased modestly by 7% to 537 [1]. However, there was a notable decrease in RCE vulnerabilities for Linux (-85% year-on-year) and macOS (-44%) [1].
The report emphasized the growing cybersecurity risks and the urgent need for organizations to enhance their cybersecurity strategies, particularly in patch management and risk assessment [2], to address the rapidly evolving threat landscape [2]. It recommended that enterprises adopt robust patching processes [1], enhance threat detection capabilities [1], and improve security policies and practices [1]. It also noted that changes in how software vendors manage CVE attribution further complicate vulnerability management [3].
Conclusion
The dramatic increase in vulnerabilities [1], particularly in UNIX-based systems and critical applications like web browsers and Microsoft Office, highlights the escalating threat landscape. Organizations must prioritize strengthening their cybersecurity measures, focusing on effective patch management and comprehensive risk assessments. As software vendors evolve their CVE attribution processes, enterprises should remain vigilant and adaptable to manage vulnerabilities effectively. The future of cybersecurity will depend on proactive strategies and the ability to respond swiftly to emerging threats.
References
[1] https://www.infosecurity-magazine.com/news/new-linux-vulnerabilities-surge/
[2] https://cioinfluence.com/security/software-vulnerabilities-surged-61-in-2024-with-exploits-nearly-doubling-action1-report-finds/
[3] https://www.digit.fyi/software-vulnerabilities-action1/