"Microsoft Remote Desktop Client for Mac OS X allows a malicious terminal server to read and write any file in the home directory of the connecting user,"
by crafting a special 'rdp' URL and directing the user to click it.
Microsoft has patched a code execution hole in its Mac remote desktop client that grants read and write to home directories if users do no more than click a link, says Italian security researcher Filippo Cavallarin. The hole was patched 17 January. Cavallarin says the flaw allowed remote attackers to execute arbitrary code on …