well most of them require some cooperation on the part of the user, just like with windows, but they are there, just the thing is, like any multiuser OS, you might not get root, with windows the user is always root.
Some examples, put some executable code in an avi or jpeg or png file, the user downloads it, opens it, and boom, its too late.
Cant remember if OS X uses sendmail, but if it does thats a hole.The default shell is csh, thats got security issues.Any of the GNU tools are vulnerable, and OS X makes use of those too.
OS X's best defense is their tiny little 4% share of the desktop PC market, they arent a big target.