CVE-2016-4591

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

Date published : 2016-07-21

http://lists.apple.com/archives/security-announce/2016/Jul/msg00001.html

http://lists.apple.com/archives/security-announce/2016/Jul/msg00003.html