I'm using a brute method to scan applications determining if they link to OpenSSL libraries or code. OSX Mavericks comes with libssl 0.9.8 and 0.9.7 which is not effected by the Heartbleed bug. Effected versions are 1.0.1 to 1.0.1f. Of all of the applications i found installed only Bitcoin uses it's own libsss, v1.0.0 and unaffected by the bug.
Example log:
/Applications/0xED.app/Contents/MacOS/0xED
/Applications/Adium.app/Contents/MacOS/Adium
>> /usr/lib/libssl.0.9.8.dylib via /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
>> /usr/lib/libssl.0.9.8.dylib via /usr/lib/libssl.0.9.8.dylib
/Applications/App Store.app/Contents/MacOS/App Store
>> /usr/lib/libssl.0.9.8.dylib via /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
>> /usr/lib/libssl.0.9.8.dylib via /usr/lib/libssl.0.9.8.dylib
/Applications/Atom.app/Contents/MacOS/Atom
/Applications/Automator.app/Contents/MacOS/Automator
/Applications/Bitcoin-Qt-8.2.app/Contents/MacOS/Bitcoin-Qt
>> /Applications/Bitcoin-Qt-8.2.app/Contents/Frameworks/libssl.1.0.0.dylib via /Applications/Bitcoin-Qt-8.2.app/Contents/MacOS/Bitcoin-Qt
Example log: