“Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 client certificates, which makes it easier for remote attackers to track users via a crafted web site.”
https://nvd.nist.gov/vuln/detail/CVE-2015-1129#VulnChangeHistoryDiv
Impact: Users may be tracked by malicious websites using client certificates
Description: An issue existed in Safari’s client certificate matching for SSL authentication. This issue was addressed through improved matching of valid client certificates.
security content of iOS 9 @apple