Back in 2001, Apple already had problems with OpenSSL and decided that they were going to start moving away from it. Of course, this was long before Heartbleed was known, but they had already switched to Common Data Security Architecture almost a decade ahead of any problems that have recently come up.
According to the group that designed it, CDSA would be recommended to all Mac developers, in order to improve the performance across every aspect of Apple products. They then decided to completely redesign their own security structure as early as 2006, giving them complete control over the security involved in their products and making sure that they wouldn’t be prone to problems that other companies are.
By 2011, Apple was ready to completely get rid of CDSA, removing them from open source security entirely. Developers are now no longer slaves to exterior applications and can completely develop content within the Apple framework without having to deal with version changes and remain stable throughout updates that Apple makes.
By the time Hearbleed had been discovered, Apple had already completely dropped open source security six months prior. That doesn’t mean there are no vulnerabilities, though, because Apple had been rocked by it’s own scandal weeks before the discovery, although it wasn’t anything on par with Heartbleed.