It wasn't self-propagating, but MacDefender scareware still claimed a lot of machines. http://en.wikipedia.org/wiki/Mac_Defender

Apple also has a poor record at security patching, which allows for more drive by downloads, especially through Java. Further reading: http://voices.washingtonpost.com/securityfix/2009/06/apple_p... http://krebsonsecurity.com/tag/mac/