Users of iPhones, iPads and iPods probably didn't give much thought to Tuesday's iOS update, which brings the mobile OS to version 9.2.1.

According to Apple, the update contains "security updates and bug fixes," with the company highlighting an issue that can prevent app installation completion when using an MDM server (more data can be found here). But it's notable that one of those security updates fixes quite a nasty security bug that's been discovered nearly three years ago.

Initially found by Adi Sharabani and Yair Amit from online security company Skycure, the vulnerability allowed a malicious hacker to steal a user's cookies and, possibly, sensitive information including passwords and credit card information. For the attack to be effective, the victim would have to join a Wi-Fi network controlled by the attacker.

The bug was in the way iOS handles cookies when dealing with captive portals — such as welcome pages which require you to login upon accessing a hotel Wi-Fi — and was fixed by Apple by creating an isolated cookie store for all captive portals.

The two researchers say they've reported the issue to Apple on June 3, 2013, and have only publicly released info about it after it's been fixed. "This is the longest it has taken Apple to fix a security issue reported by us," Amit wrote in a blog post Tuesday, attributing the long wait to the fix being "more complicated than one would imagine."

Apple is currently working on iOS 9.3, a content update which brings several interesting features, including Night Shift, which changes the colors of the light emitted by your iDevice's screen based on the time of day, as well as several education-related features.