An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.
Apple Security Advisory 2016-12-13-2 - Safari 10.0.2 is now available and addresses cross site scripting, arbitrary code execution, and various other vulnerabilities.