An iOS bug that allowed malicious agents to impersonate end users’ identities by granting read/write access to website cookies was fixed with the release of iOS 9.2.1 on Tuesday, some two and a half years after it was first reported to Apple.
Source:: Apple Insider