The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
lists.apple.com/archives/security-announce/2015/Jun/msg00001.html
lists.apple.com/archives/security-announce/2015/Jun/msg00004.html
lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
support.apple.com/kb/HT204941
support.apple.com/kb/HT204950
www.securityfocus.com/bid/75492
www.securitytracker.com/id/1032754
www.ubuntu.com/usn/USN-2937-1