Laurent Chouinard

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue is related to the Reminders component in Apple OS X, which has inadequate access control. This allows attackers to bypass the intended user-confirmation requirement. By exploiting this, an attacker can trigger a dialing action via a `tel:` URL without the user's permission. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of `tel:` URLs in the Reminders component until the update is applied.