If I understand correctly, I think it's a function of how they rank their vulnerabilities. "The rankings are based on the percentage of users whose computers had the vulnerability in question"
Machines running Apple software on Windows >> machines running Apple software on Macs. So the same vulnerability wouldn't show up even if it existed in iTunes on OSX, for example.
Machines running Apple software on Windows >> machines running Apple software on Macs. So the same vulnerability wouldn't show up even if it existed in iTunes on OSX, for example.