CVE-2016-1770

Name of the Vulnerable Software and Affected Versions Apple OS X versions prior to 10.11.4

Description The issue is related to the Reminders component in Apple OS X, which has inadequate access control. This allows attackers to bypass the intended user-confirmation requirement. By exploiting this, an attacker can trigger a dialing action via a tel: URL without the user's permission.

Recommendations For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of tel: URLs in the Reminders component until the update is applied.