Apple · Os X · CVE-2016-1770
**Name of the Vulnerable Software and Affected Versions**
Apple OS X versions prior to 10.11.4
**Description**
The issue is related to the Reminders component in Apple OS X, which has inadequate access control. This allows attackers to bypass the intended user-confirmation requirement. By exploiting this, an attacker can trigger a dialing action via a `tel:` URL without the user's permission.
**Recommendations**
For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of `tel:` URLs in the Reminders component until the update is applied.