Just when I think I'm out ...
@Shakje
First, for your dictionary, it's a "buffer overflow". And it is one of the top attack vectors on any system.
Second, why isn't there a UAC on my Linux systems? I'll tell you why ... it's because the OS core layer is completely separate from the application layer, similar to the BSD clone used in OSX, and there is a strong, well developed security structure (multi-user separation, for one) in place. These factors are also contributors to the paucity of malware for Posix systems, as it is difficult and far more complicated to get a toehold into the OS core layer as a result.
This is very different from the Windows structure where many Microsoft applications are tied into the OS core layer, and where a "buffer overflow" at the Microsoft application layer can often easily compromise the OS core layer and allow for, among other dangerous things, privilege escalation, compromise of the Windows kernel, and on up to the compromise of even the BIOS and CPU.
If Apple is using similar hooks into their OS core layer, then Apple application security issues also present a significant risk.
While your statement about few users does apply to Apple users, if your explanation for fewer pieces of malware and its relation to "not as many users" were to hold up, you would need to explain why so few web servers (apart from Windows servers) are compromised in the OS core layer. Sure there are apps (notably forums, AJAX and sendmail) that show weaknesses and can be compromised to swamp the resources of any server, but the majority of web servers are running Posix (Unix, Linux, etc.)
Your argument would dictate that, because there are many more Posix servers out there, they should be riddled with malware, since they are a much juicier target than a home user's system. And yet, they are not. Because the systems are fundamentally different from Windows, the "come on down" king of malware.
And please don't call me naive. It's so ... belittling, and really not much of an argument for your points. I hope I have not been similarly disrespectful to anyone here.