Apple has patched a critical vulnerability in its iOS operating system that allowed criminal hackers to impersonate end users’ identities by granting read/write access to website’s unencrypted authentication cookies. The vulnerability was fixed with the release of iOS 9.2.1 on Tuesday, almost three years after it was first discovered and reported to Apple in June 2013. The flaw affected iPhone 4S and iPad 2 devices and later, but the vulnerability has been resolved with an isolated cookie store for captive portals that will keep hackers at bay.
Source: https://thehackernews.com/2016/01/iOS-Cookie-Theft.html