PT-2016-1538 · Apple · Os X
Guillaume Ross
+1
·
Published
2016-03-24
·
Updated
2016-12-03
·
CVE-2016-1770
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Apple OS X versions prior to 10.11.4
Description
The issue is related to the Reminders component in Apple OS X, which has inadequate access control. This allows attackers to bypass the intended user-confirmation requirement. By exploiting this, an attacker can trigger a dialing action via a
tel: URL without the user's permission.Recommendations
For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of
tel: URLs in the Reminders component until the update is applied.Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Os X