WebKit in Apple iOS prior to 8.4.1 allows remote malicious users to spoof clicks via a crafted web site that leverages tap events.
apple iphone os