Apple addressed a nasty bug that lingered in the wild for nearly three years and could have let an attacker steal cookies and impersonate victims.
Source: Threadpost