For here, you can close out the App Store. To access the newly downloaded app, click the the grey 'Launchpad' icon in the Dock. Click the Microsoft Remote Desktop app icon to open the app.

Microsoft has patched a code execution hole in its Mac remote desktop client that grants read and write to home directories if users do no more than click a link, says Italian security researcher Filippo Cavallarin.

The hole was patched 17 January.

Cavallarin says the flaw allowed remote attackers to execute arbitrary code on vulnerable machines if users did not more than click phishing links.

From there, attackers would gain read and write access to Mac home directories.

'Microsoft Remote Desktop Client for Mac OS X allows a malicious terminal server to read and write any file in the home directory of the connecting user,' Cavallarin says.

'The vulnerability exists to the way the application handles rdp urls. In the rdp url schema it's possible to specify a parameter that will make the user's home directory accessible to the server without any warning or confirmation request.

'If an attacker can trick a user to open a malicious rdp url, they can read and write any file within the victim's home directory.'

Mac OS X apps like Safari, Mail, and Messages by default open clicked rdp urls without confirmation.

This drastically shortens the attack chain of most phishing attacks which require users to be convinced by some form of narrative to open links and attachments, and again to fill out personal data and credentials into fake forms.

Cavallarin included a proof-of-concept with his disclosure, increasing the need for users to apply the Microsoft updates. ®

Intro to business 2008 glencoe. Sponsored: How the CLOUD Act affects your company's data