This vulnerability is not in OS X. This is a website server software issue and has nothing to do with your computer.
The issue affects certain websites that use an open source software package. Most e-commerce websites are NOT affected. Apple, Google, and Microsoft websites also appear to be immune. Again, there's nothing to patch on your computer. The problem is with certain websites themselves.
THIS VULNERABILITY *IS* IN OS X!
I'm still running a few OS X Servers and after doing an initial audit have found that the version of OpenSSL in Mavericks & Mountain Lion is vulnerable. Mavericks was patched, but Mountain Lion is still running OpenSSL 1.0.1e (11 Feb 2013).
If you run any type of server that uses OpenSSL, you need to take this vulnerability very seriously.
Here is a link to the US-CERT explanation of the vulnerability:
This issue is quite large and affects more than just Web servers. You need to be looking at any products that may be implementing OpenSSL. For a vendor list and how they are affected, see this US-CERT publication.
OK, change my last post to:
This vulnerability *MAY BE* IN OS X!
While doing some more investigating into my server configuration, it turns out that the vulnerable version of OpenSSL was part of a third-party software package.
Apple deprecated their use of OpenSSL back in Lion (OS X 10.7). At that time the version of OpenSSL included in OS X did not contain the Heartbleed vulnerability.
Still, if you have been running on OS X server for a while - especially if it's been upgraded from a previous version of the OS - check your version of OpenSSL. Just type "openssl version" on the command line. If it comes back with OpenSSL versions 1.0.1 through 1.0.1f, you'll need to figure out what installed that version and update it.
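Added example, not part of the thread above: a shell sketch of the check described in the last post, extended to every `openssl` binary under directories you name, since the vulnerable copy there came from a third-party package rather than the system path. The function names and the example search paths are assumptions made for this illustration.

```shell
#!/bin/sh
# Classify an "openssl version" banner against the range given in the
# post above: OpenSSL 1.0.1 through 1.0.1f.
# Prints one of: affected, not-affected, unknown.
# This is a banner check only: a vendor build may carry a backported fix
# under an unchanged version string, so treat "affected" as "investigate".
classify_openssl_banner() {
    # Banner format: "OpenSSL 1.0.1e 11 Feb 2013"; field 2 is the version.
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    ver=${ver%%-*}    # drop build suffixes such as "-fips"
    case "$ver" in
        "")               echo "unknown" ;;       # empty or not OpenSSL
        1.0.1|1.0.1[a-f]) echo "affected" ;;
        *)                echo "not-affected" ;;
    esac
}

# Find every executable file named "openssl" under the given directories
# and report: classification <TAB> path <TAB> banner.
scan_openssl_binaries() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -type f -name openssl -perm -u=x 2>/dev/null
    done | while IFS= read -r bin; do
        banner=$("$bin" version 2>/dev/null) || banner=""
        printf '%s\t%s\t%s\n' \
            "$(classify_openssl_banner "$banner")" "$bin" "$banner"
    done
}

# Usage (paths are examples only): sh check.sh /usr /opt /Applications
if [ "$#" -gt 0 ]; then
    scan_openssl_binaries "$@"
fi
```

Any line reported as `affected` names the binary whose installer needs to be identified and updated; libraries bundled without an `openssl` executable will not show up in this scan.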