While that lack of disclosure doesn't stop consumers from buying Macs, it does keep many corporations on the sidelines, Henry said.

"To me, that's a showstopper for them," Henry said. "I really have to be reluctant on recommending the product for the enterprise, because they just seem so adamant against talking about any security issues."

In comparison, Microsoft, which dominates the corporate PC market with Windows, takes the opposite approach and works closely with the security industry. "Microsoft, for all its faults, does probably the best job of informing the public regarding vulnerabilities and patches in their products," Henry said.

Apple tends to lump its security releases along with its product updates and improvements, which plays down the seriousness of any vulnerabilities. "If they're going to discount something as being a feature enhancement or a patch on performance, and it in fact corrects a vulnerability, some users may put off applying that patch, leaving themselves woefully exposed," Henry said.

Mac users are dependent on Apple for all security fixes to Mac OS X, because third-party software vendors, such as Oracle, are not allowed to ship patches directly. When Apple drops the ball with Java, customers are left at risk, because the platform has become a favorite target of hackers.