You're right but you can reasonably expect some security patches now that it's been published, at least in the Linux world. Hopefully Apple could follow. Until then, you might perhaps consider using *BSD.

FWIW:

http://en.wikipedia.org/wiki/FinFisher#Detection

"According to announcements from ESET, FinFisher and FinSpy are detected by ESET antivirus software as "Win32/Belesak.D" trojan.[26][27]"

Apple did patch its itunes player - 3 years after apparently knowing about it:

http://krebsonsecurity.com/tag/finfisher/

"A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw."

But yes, I agree you should go with OpenBSD if you're worried about this:

http://www.secpoint.com/Top-10-Most-Secure-Operating-Systems...

"By default, [OpenBSD] is the most secure general purpose operating system out there. The proof in the pudding? The fact that it suffered only two remote attack vulnerabilities in the last decade serves as solid evidence of its stringent security and strict auditing policy. Moreover, OpenBSD lacks a large enough attack surface (care of running numerous web applications) for hackers to exploit."