Malicious Exploits, not vulnerabilities is the critical issue
Vulnerabilities that rapidly get patched are nothing compared to malicious exploits that actually do vast damage and thanks to a user base that installs the latest updates astonishingly fast, iOS is an incredibly secure platform in the *real* world.
As you say, Android is worse - in fact, it is FAR worse.
32.8 million Android devices were infected with 65,227 different malware variants in 2012 (and another 20-30 million so far this year) according to NQ Mobile vs close to zero iOS devices.
An example of the viciousness of many Android malware exploits is the Eurograbber malware that swiped $47 million from the bank accounts of 30,000 hapless users last year.
Then there is the Bmaster command and control botnet malware which has been siphoning between half to 3.5 million dollars off hapless Android users per year.
And then there is the Google Messaging Service security hole being used by hackers to steal Android users’ data and forcing them to send premium SMS messages with direct financial implications to Android users. In fact
One big worry is the enormous Master Key security hole affecting 99% of all Android devices sold since 2008 that can give malware full access to all system and user data and control phone and SMS functions and turn the Android device into an always-on, always-moving, hard to detect botnet zombie.
This Master Key vulnerability can unfortunately only be patched by manufacturers releasing new firmware for their devices which is regrettable considering the dismal record manufacturers and Carriers have of releasing updates for Android devices.