Count is a poor measure. Both Apple and Microsoft lump together fixes for remote code execution vulnerabilities (terrifying), privilege escalations (not a big deal for personal machines) and denial-of-service vulnerabilities (not important except for public servers) as "security fixes".