Significant Increase of 967% in Linux Vulnerabilities Over the Past Year

The number of newly discovered vulnerabilities affecting Linux and macOS systems has seen a significant increase. According to a recent analysis by Action1, the total count of vulnerabilities identified in 2024 surged by 61% from the previous year, culminating in a total of 6,761 vulnerabilities. Notably, vulnerabilities specific to Linux experienced an unprecedented rise of 967%, reaching 3,329 instances. Concurrently, macOS vulnerabilities also rose dramatically, with a 95% increase to 508 reported vulnerabilities.

Traditionally, UNIX-based systems have been regarded as more secure, but these numbers indicate a shift in the landscape of security threats.

The report further highlights a drastic 96% increase in the number of actively exploited vulnerabilities, which escalated from 101 in 2023 to 198 in 2024. This trend is predominantly driven by vulnerabilities associated with web browsers and productivity tools such as Microsoft Office. For instance, vulnerabilities in Google Chrome surged by 1,840%, rising from 5 to 97, while those associated with Microsoft Office increased by 433% to a total of 32.

Additional key findings from the report include:

– A 37% year-over-year increase in critical vulnerabilities, with a total of 2,930 critical vulnerabilities reported in 2024. Key contributors to this rise include operating systems like Linux (which saw an increase from 499 to 851 critical vulnerabilities) and database systems such as MSSQL (606% increase to 120 critical vulnerabilities).
– Newly identified vulnerabilities in database systems rose by 213% year-on-year, with 505% more vulnerabilities categorized as critical, largely attributed to MSSQL (606%) and MySQL (100%).
– Web browsers witnessed a 657% increase in newly exploited CVEs, which included a 107% rise in remote code execution (RCE) vulnerabilities.
– The overall number of RCE vulnerabilities climbed modestly by 7%, totaling 537.

The persistent increase in both critical and exploited vulnerabilities underscores the growing cybersecurity threats organizations face. The report emphasizes the urgent need for enterprises to bolster their defenses through effective patch management, enhanced threat detection capabilities, and comprehensive risk assessments, particularly focusing on vendor and supply chain vulnerabilities.

Despite these concerning trends, a slight reduction was observed in RCE vulnerabilities for both Linux (-85% year-on-year) and macOS (-44%).

Recommended Actions for Mitigating CVE Risks

To enhance their security posture, organizations are advised to:

– Prioritize critical systems, including operating systems, web browsers, and applications exposed to RCE vulnerabilities, ensuring timely updates and patches.
– Educate employees on the risks linked to commonly used applications.
– Implement robust vulnerability management strategies across all software elevations.
– Conduct thorough risk assessments when selecting third-party software solutions.
– Utilize continuous threat detection tools to sustain resilience against evolving threats.

These proactive measures can significantly diminish the risk associated with software vulnerabilities and fortify an organization’s overall cybersecurity framework.