The developer mindset on Windows is still stuck in the 90s, and most of the exploits are due to the laggards who've never taken the user experience for updating very seriously (Adobe, Sun/Oracle, various streaming video players, etc.) or treating security as an optional feature and installing with insecure defaults (see previous list).

Mac culture has been less user-hostile for a long time so Mac apps usually have e.g. automatic updaters (and rarely the crazy login-to-vendor-website-to-download insanity) and lack installers, making it less common to require authentication or slop things around the entire filesystem. This is not perfect but it avoids some of the pathologies which Microsoft (and Chrome) are slowly dragging the Windows community out of.