Free Republic
Browse · Search
Smoky Backroom
Topics · Post Article

To: antiRepublicrat
The average Linux disk comes with hundreds of third-party programs, few of which ever get installed by the average user. Do you count some obscure program used by very few people as a Linux vulnerability?

Absolutely it's a Linux vulnerability. I know a bunch of people that dabble with Linux and choose to install everything. Besides, how many users need to install software to make it "count" as a vulnerability? You've gone overboard trying to prove a point that you lost a long time ago. FACT: MOAB proves Mac has some serious issues. FACT: One can exploit those vulnerabilities today.

Using your logic I could claim Windows is uber secure because they should be running the latest Windows Vista and/or Windows 2003. And only install EXACTLY what they need... and if any of those things are optional, they don't count. TCP/IP... who needs that? I don't need to install a network card... that's optional too, I guess. So unless 100% of the machines are running the code, it doesn't count. And even if it is, Microsoft says to run AV and firewalls, so if the user doesn't, the vulnerabilities don't count.

141 posted on 01/05/2007 11:13:34 AM PST by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)


To: for-q-clinton
Absolutely it's a Linux vulnerability.

No it isn't! An Adobe Acrobat exploit was just found, and it's on almost every Windows system, but I wouldn't count that as a Windows exploit, because it's a problem with Acrobat, not Windows. IIS exploit? That's Windows. Apache? Not part of Windows. If the vendor wrote it and shipped it with the OS, and it's among the regular component options, then it's part of the OS. If not, it's just packaged third-party tools with their own problems.

This does get a little vague with open source, but when you're talking about a desktop, Perl and Ruby almost never come into the picture. To hype them as desktop exploit vectors is pure FUD (aside from the fact that it took a lot of deliberate effort just to get the vector to work on a target machine).

You also get problems with different Windows versions, because an exploit on XP Pro could have no effect on XP Home. Then you have to specify which version the exploit counts against.

But given all of that, I do like the work that MOAB is doing, although I always disagree with 0-day disclosure policies. The vendor should always have a chance to fix it first. Microsoft is known to sit on exploit notices for months before fixing them, and in those cases I definitely understand a pre-fix release (this has actually gotten third parties to fix Windows holes before MS did). But in general, Apple is basically getting free security testing, and that's good.

148 posted on 01/05/2007 12:04:58 PM PST by antiRepublicrat

To: for-q-clinton
Absolutely it's a Linux vulnerability. I know a bunch of people that dabble with Linux and choose to install everything.

While it may not be a "Linux" vulnerability, they are certainly "Linux distribution" vulnerabilities when they are shipped as part of a Linux distribution, but more importantly if the user must wait on the Linux vendor to release the patch. You see it all the time: some hole in what they want to call a "3rd party" product, but the appropriate patch can't come from the third party; the patch has to come direct from the Linux vendor, such as Red Hat. You often, for example, can't just take the patch from the "3rd party" vendor; you have to wait for the patch made specifically for that particular Linux distro. Hence, it's obviously a hole in that Linux distro, since a patch for that distro is required.

172 posted on 01/05/2007 4:59:14 PM PST by Golden Eagle


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson