> Existence of vulnerabilities does not imply the existence
> of malware that takes advantage of them.
I think its a bit naive to claim there's no malware using vulnerabilities (did I re-phrase it correctly?). If you would have said "not in wide spread use," then I would have agreed with you. Apple tightly controls its ecosystem, so its not being spread via the App Store like Google Play for Android.
Apple does not control the web, as JailbreakMe.com demonstrates.
> Often, vulnerabilities are closed before anyone actually takes advantage of them.
Not in Apple's case. They regularly procrastinate on patching. Confer: Apple sat on nearly 200 vulnerabilities while waiting to make their iOS 6.0 press release (http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html). Some of the vulnerabilities were quite alarming - from provisioning to code signing to remote code execution during web browsing.
Look at the number of vulnerabilities known to NVD that include remote code execution for "just" webkit with "just" iPhone: http://web.nvd.nist.gov/view/vuln/search-results?query=webkit+iphone.
I'm befuddled where the leap is being made that "no bad guy is using any of the known vulnerabilities" (again, to restate your position).
Jeff