Every badly administered 'big' OS will be vulnerable.
I would be surprised if OSX has more vulnerabilities than windows. Being BSD, it is a lot more mature and the source, like Linux, is reviewed by peers.
With windows, since last years worms, most trouble now is caused by IE and malware web sites that can directly infect a PC AND leave a door open for worms like netsky.
It would be surprising if the Unixes suffered the same fate since the security model makes it much harder for browser s/w to escalate privaleges and do these things.
Still, its possible with a badly administered Unix - look how many hosting companies run mysql as root!