In 2011, Apple told its developers that it would be deprecating OS X’s Common Data Security Architecture including OpenSSL, describing it as an outdated relic of the late 1990s. Nearly three years later, OpenSSL was hit by a severe flaw that affected a wide swath of vendors and their users, but not Apple.
Apple was not hit by the Heartbleed defect because it had stopped using the vulnerable software in its operating systems 6 months before the vulnerability was added.
Apple just saw some other flaws in the underlying Open Source security applications and moved to its own.
Smart and lucky.Best way to go.