A vulnerability exists in versions of OSX, iOS, and Windows Safari released before April 8, 2015 that allows the non-HTTPOnly cookies of any domain to be stolen.
4a33fb3750429fbc48b60b65f9266ada10b36414af7a3f3d44b49aac0e5a6e4f
Apple Security Advisory 2015-04-08-1 - Safari 8.0.5, Safari 7.1.5, and Safari 6.2.5 are now available and address information disclosure, code execution, certificate matching, and various other vulnerabilities.
eeaa79384ff069091d47b9a03c45c84ae355020694e5aeac68b451b6f942eb32