The "Clear History and Website Data" feature in Apple Safari before 9.1.1, as used in iOS before 9.3.2 and other products, mishandles the deletion of browsing history, which might allow local users to obtain sensitive information by leveraging read access to a Safari directory.
Apple Security Advisory 2016-05-16-5 - Safari 9.1.1 is now available and addresses history deletion, data disclosure, code execution, and various other vulnerabilities.