CVE-2016-1779

WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote attackers to bypass the Same Origin Policy and obtain physical-location data via a crafted geolocation request.

Date published : 2016-03-23

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00005.html