Linux Security Issues See Massive Spike, Increasing by 967% Over the Past Year
2024 Sees a Surge in Exploited Vulnerabilities, Particularly in Web Browsers and Microsoft Office
Exploited vulnerabilities increased significantly in 2024, with web browsers and Microsoft Office leading the trend, according to the 2025 Software Vulnerability Ratings Report by Action1.
The report, based on analysis from the National Vulnerability Database (NVD) and SecurityScorecard's CVEdetails.com site, highlights the need for enterprises to strengthen their security measures in response to this growing threat.
The number of newly exploited CVEs (Common Vulnerabilities and Exposures) in web browsers grew an alarming 657% year-on-year (YoY). Google Chrome recorded a staggering 1840% increase, with the number of exploited vulnerabilities rising from 5 in 2023 to 97 in 2024.
Microsoft Office also saw a significant rise, with the number of exploited vulnerabilities increasing by 433% to 32 in 2024.
The surge in exploited vulnerabilities was not limited to web browsers and Microsoft Office. The number of newly discovered vulnerabilities in databases increased 213% YoY, with those rated critical surging 505% YoY, driven by MSSQL and MySQL.
Interestingly, the number of remote code execution (RCE) vulnerabilities in web browsers increased by 107% YoY. However, the number of RCE vulnerabilities decreased for Linux (-85% YoY) and macOS (-44%).
In contrast, the total number of newly discovered Linux vulnerabilities rose by 61% annually to 6761, with the number of critical vulnerabilities increasing by 37% annually to 2930. Linux and databases such as MSSQL contributed significantly to this rise.
Both Linux and macOS, traditionally considered among the safer platforms, experienced a significant increase in vulnerabilities in 2024. Apple had the highest number of newly discovered macOS security vulnerabilities, while Red Hat was the company with the highest number of newly discovered Linux security vulnerabilities.
Linux bugs increased by an "unprecedented" 967% to 3329 in 2024.
The report warns of a dramatic 96% increase in exploited vulnerabilities from 101 in 2023 to 198 in 2024.
In light of these findings, Action1 recommends that organisations prioritise critical systems for timely patch deployment, improve employee education, ensure comprehensive vulnerability management, conduct thorough risk assessments when selecting third-party software, and deploy continuous threat detection tools. The report also emphasises the need for enterprises to adopt robust patching processes, enhance threat detection capabilities, conduct thorough vendor and supply chain risk assessments, and continuously improve their security policies and practices.