Chances are if you’re an owner of a Mac, you don’t worry too much about malware and viruses. At least you didn’t before the Flashback trojan was found to have infected some 600,000 Macs that were part of a botnet.

The Flashback botnet made headlines, but many were quick to point out that the infected machines became vulnerable through Java, not Apple’s OS, suggesting that Apple wasn’t to blame.

That may not have been entirely true, however. Apple had apparently blocked Oracle from issuing a direct update for Java on Mac, leaving Macs vulnerable to infection far longer than they should have been.

And that’s just the beginning of the problem according to the CTO of antivirus vendor Kaspersky, Nikolai Grebennikov. He’s on the record as stating “Mac OS is really vulnerable,” and apparently Apple believed that enough to invite Kaspersky to help it assess just how vulnerable Macs are.

The bad news: “Apple doesn’t pay enough attention to security.” In Grebennikov’s mind, the Java exploit that was left open for hackers to exploit proves this. When Oracle patched Java, Apple took far too long to issue a patch. Perhaps more importantly, it raises the question as to whether Apple should have allowed Oracle to issue the patch directly.

The even worse news: Grebennikov believes that malware targeting iOS, the operating system that powers the iPhone and iPad, could be right around the corner. While none has been identified yet, if past is prologue, it won’t be too long before it hits the scene. And as Grebennikov sees it, there’s no way Apple will be able to defeat iOS malware without help.

Which brings us to the good news: Kaspersky’s criticism of Apple’s security model seems to have caused Apple to bring Kaspersky (and perhaps other third parties) into the fold as it looks to take security more seriously going forward.

Locking down its OSes and maintaining their reputation as relatively “secure” could prove crucial to Apple staying on top. One of the main selling points of Apple devices is that they “just work.” But if hackers and scammers have their way, Mac owners could be in for some headaches. The business risk to Apple is huge, and it’s one that the company can’t afford not to try to mitigate.