• Teacher Boonchoo home for special children
  • This AI-powered weed-removing robot could help farmers in Africa grow more crops
  • AU Awards for Excellence Recipient 2023
  • According to the Microsoft Storage policy announced earlier
  • Windows has no sound
  • Office of Information Technology Services (ITS) organizing a meeting of website administrators of faculties and departments
  • Download Form
  • History
  • Planting mangrove forest
  • Services
  • Training to use the program Adobe Photoshop CS6
  • AU Awards for Excellence Conferral 2022
  • The Coral That Does It with the Lights On
  • Unlocking Cyber Safety: AU's IT Security Training
  • Urgent Network Equipment Maintenance on November 2, 2023, due to Cybersecurity Issue
  • Common problems with Windows 10
  • Web Development of Office ITS Meeting with Assumption Business Leading Entrepreneur(ABLE)
  • Computer Laboratories
  • Vision, Mission and Values
  • Foundation for The Blind in Thailand Under The Royal Patronage of H.M. The Queen
  • Office of ITS organized the "Google for Education Update 2019" Training No.1 (Morning)
  • AU Awards Presentation Christmas 2015 & New Year Celebrations
  • Why are heatwaves getting worse?
  • Her Majesty Queen Suthida Bajrasudhabimalalakshana's Birthday
  • User Gmail Lock
  • Technical Support
  • Quality Assurance (QA)
  • Self Assessment Report (SAR)
  • Office of ITS organized the "Google for Education Update 2019" Training No.1 (Afternoon)
  • AU Awards Presentation Christmas 2014 & New Year Celebrations
  • Artificial eyries raise hopes of golden eagles breeding in southern Scotland
  • Power supply maintenance schedule
  • the Anniversary of the Chapel of St. Louis Marie de Montfort
  • Reset forgotten Windows 10/8/7 password with Hiren USB
  • Learning Management System (LMS)
  • IT Policies
  • Office of ITS organized the "Google for Education Update 2019" Training No.2 (Morning)
  • AU Awards Presentation Christmas 2013 & New Year Celebrations
  • Here’s our top 10 tips to reduce your carbon emissions.
  • Configuration Windows for Use Toad 8.5
  • WiFi Connection
  • ITS Members
  • Office of ITS organized the "Google for Education Update 2019" Training No.2 (Afternoon)
  • AU Awards Presentation Christmas 2012 & New Year Celebrations
  • Microsoft Office 365 platform
  • Virtual Power Plant
  • 10 prompt engineering tips and best practices
  • AU Songkran Festival
  • Remote Assistance service
  • Organization Chart
  • ITS's Survey
  • Basic training in using dockers
  • AU Awards Presentation Christmas 2011 & New Year Celebrations
  • "Recording" in Google Meet will be unavailable
  • Deep Learning Model
  • Exploring SASE: The Future of Network Security and Connectivity
  • AU Fires Up Safety Skills!
  • AU Account
  • AU Awards Presentation Christmas 2016 & New Year Celebrations
  • The MS Teams will not support for Android 5 6 and 7
  • Scientists warn polar ice melts faster than expected
  • Top-Clicked phishing topics
  • Ed PEx Workshop: Introducing the Units to a State-of-the-Art Systematic Thinking Approach for Performance Excellence
  • AU Awards Presentation Christmas 2009 & New Year Celebrations
  • Google will not longer support Google Site Classic version
  • Off Grid Box
  • Take a peek at ransomware victims’ failure points
  • AU Mourns the Loss of Distinguished Professor Rev. Bro. Simeon
  • Corporate Social Responsibility
  • AU Awards for Excellence Conferral 2021
  • Google for Education services
  • Arctic hollow glass
  • Using Git with Gitlab
  • AU Honors His Majesty King Bhumibol Adulyadej The Great
  • Cookie consent
  • AU Awards Presentation Christmas 2020 & New Year Celebrations
  • What is Clean Energy? How does IT work? Why is IT so important
  • How to connect a projector wirelessly using Letsview
  • AU Celebrates the Feast of the Assumption with Reverence and Devotion
  • Feedback
  • Group Email Sending Permission Request Form
  • China drought causes Yangtze to dry up, sparking shortage of hydropower
  • TUC says government is failing to protect workers from AI harms
  • Assumption University Honors Her Majesty Queen Sirikit The Queen Mother on Her 91st Birthday Anniversary Celebration
  • Self-Service Resetting AU Account Password
  • AU Awards Presentation Christmas 2019 & New Year Celebrations
  • AIS Thai people without E-Waste receive Earth Day
  • Fake ChatGPT Scam Turns into a Fraudulent Money-Making Scheme
  • Assumption University Celebrates the Birthday of H.M. King Maha Vajiralongkorn Phra Vajiraklaochaoyuhua
  • Cookie statement
  • AU Awards Presentation Christmas 2018 & New Year Celebrations
  • Solar-powered electric vehicles move one step closer to market
  • University Honors Thai Traditions with Buddhist Lent Day Observance
  • Early heatwave in Europe
  • AU Awards Presentation Christmas 2017 & New Year Celebrations
  • New threaten the security of iOS and Mac
  • Happy Birthday to “Our Beloved President”
  • Renewable Energy Sources
  • WARNING: Info-Stealer malware as a service
  • Anniversary of the Chapel of St. Louis Marie de Montfort
  • Introduction to using Sharepoint
  • Songkran Festival 2023@AU
  • All presentations clip from TTT 2022 Reinforce: Enterprise IT Infrastructure Day
  • VCU EdPEx Workshop Program
  • Docker Basic
  • AU Chinese New Year Celebration 2023
  • Self-Service Password Resetting System
  • AUAA Team Presented Thai Jasmine Rice to the University
  • Projector not connect? Check cable first
  • Merry Christmas and Happy New Year 2023 Greetings
  • Reset Windows Password with HIREN USB
  • Blessing Ceremonies for Her Royal Highness Princess Bajrakitiyabha Narendira Debyavati, the Princess Rajasarinisiribajra
  • GlobalProtect
  • Ceremony to Mark the Memorial Day of The Late His Majesty King Bhumibol Adulyadej The Great
  • AU Personnel Training Program “Make AU Our Second Home”
  • Common projector issue : No signal input
  • AU Community Received Tung Pan Num Jai
  • Simple WiFi connection script for Windows
  • AU Birthday Celebration of H.M. Queen Suthida Bajrasudhabimalalakshana
  • Google Drive to MS One Drive
  • Digital Marketing Workshop by ISL, VMS for AU personnel towards Digital Era
  • Office 365 Account Settings
  • AU Celebration of H.M.Queen Sirikit The Queen Mother's Birthday
  • How to add an external guest to a Microsoft Team
  • Closing Ceremony of the 50th Anniversary Celebrations of Assumption University
  • Installing Window 7 with USB
  • The 90th Birthday Anniversary of The Great Professor of the Order of St. Gabriel
  • How to kill or cure a virus on a flash drive
  • Celebration of Assumption Day : Assumption Day and Crowning Ceremony
  • Office 365 subscriptions for SMBs
  • AU KM Workshop
  • Using projector remote control - Input selection
  • Digital Marketing Workshop Series: SEO for Beginners
  • 5th AU Digital Marketing Workshop Series
  • Creating tasks and to-do lists in Google Calendar
  • New AU Spark Manual for Student
  • AU Co-Working space to the AU community members
  • New AU Spark Manual for Teacher
  • AU Songkran Celebration 2021
  • Assumption University Receiving COVID-19 Vaccination
  • Things to Know MT
  • AU Celebration of Assumption Day and Crowning Ceremony Assumption Day 2022
  • The Ceremony to Pay Tribute to H.M. Queen Sirikit The Queen Mother
  • Birthday Anniversary of H.M. King Maha Vajiralongkorn Phra Vajiraklaochaoyuhua
  • Meeting with the Department of Disease Control Samut Prakan Province
  • Birthday Celebration of Her Majesty Queen Suthida Bajrasudhabimalalakshana
  • Digital Technologies for Creating Virtual Spaces
  • Teacher Boonchoo home for special children
  • This AI-powered weed-removing robot could help farmers in Africa grow more crops
  • AU Awards for Excellence Recipient 2023
  • According to the Microsoft Storage policy announced earlier
  • Windows has no sound
  • Office of Information Technology Services (ITS) organizing a meeting of website administrators of faculties and departments
  • Download Form
  • History
  • Planting mangrove forest
  • Services
  • Training to use the program Adobe Photoshop CS6
  • AU Awards for Excellence Conferral 2022
  • The Coral That Does It with the Lights On
  • Unlocking Cyber Safety: AU's IT Security Training
  • Urgent Network Equipment Maintenance on November 2, 2023, due to Cybersecurity Issue
  • Common problems with Windows 10
  • Web Development of Office ITS Meeting with Assumption Business Leading Entrepreneur(ABLE)
  • Computer Laboratories
  • Vision, Mission and Values
  • Foundation for The Blind in Thailand Under The Royal Patronage of H.M. The Queen
  • Office of ITS organized the "Google for Education Update 2019" Training No.1 (Morning)
  • AU Awards Presentation Christmas 2015 & New Year Celebrations
  • Why are heatwaves getting worse?
  • Her Majesty Queen Suthida Bajrasudhabimalalakshana's Birthday
  • User Gmail Lock
  • Technical Support
  • Quality Assurance (QA)
  • Self Assessment Report (SAR)
  • Office of ITS organized the "Google for Education Update 2019" Training No.1 (Afternoon)
  • AU Awards Presentation Christmas 2014 & New Year Celebrations
  • Artificial eyries raise hopes of golden eagles breeding in southern Scotland
  • Power supply maintenance schedule
  • the Anniversary of the Chapel of St. Louis Marie de Montfort
  • Reset forgotten Windows 10/8/7 password with Hiren USB
  • Learning Management System (LMS)
  • IT Policies
  • Office of ITS organized the "Google for Education Update 2019" Training No.2 (Morning)
  • AU Awards Presentation Christmas 2013 & New Year Celebrations
  • Here’s our top 10 tips to reduce your carbon emissions.
  • Configuration Windows for Use Toad 8.5
  • WiFi Connection
  • ITS Members
  • Office of ITS organized the "Google for Education Update 2019" Training No.2 (Afternoon)
  • AU Awards Presentation Christmas 2012 & New Year Celebrations
  • Microsoft Office 365 platform
  • Virtual Power Plant
  • 10 prompt engineering tips and best practices
  • AU Songkran Festival
  • Remote Assistance service
  • Organization Chart
  • ITS's Survey
  • Basic training in using dockers
  • AU Awards Presentation Christmas 2011 & New Year Celebrations
  • "Recording" in Google Meet will be unavailable
  • Deep Learning Model
  • Exploring SASE: The Future of Network Security and Connectivity
  • AU Fires Up Safety Skills!
  • AU Account
  • AU Awards Presentation Christmas 2016 & New Year Celebrations
  • The MS Teams will not support for Android 5 6 and 7
  • Scientists warn polar ice melts faster than expected
  • Top-Clicked phishing topics
  • Ed PEx Workshop: Introducing the Units to a State-of-the-Art Systematic Thinking Approach for Performance Excellence
  • AU Awards Presentation Christmas 2009 & New Year Celebrations
  • Google will not longer support Google Site Classic version
  • Off Grid Box
  • Take a peek at ransomware victims’ failure points
  • AU Mourns the Loss of Distinguished Professor Rev. Bro. Simeon
  • Corporate Social Responsibility
  • AU Awards for Excellence Conferral 2021
  • Google for Education services
  • Arctic hollow glass
  • Using Git with Gitlab
  • AU Honors His Majesty King Bhumibol Adulyadej The Great
  • Cookie consent
  • AU Awards Presentation Christmas 2020 & New Year Celebrations
  • What is Clean Energy? How does IT work? Why is IT so important
  • How to connect a projector wirelessly using Letsview
  • AU Celebrates the Feast of the Assumption with Reverence and Devotion
  • Feedback
  • Group Email Sending Permission Request Form
  • China drought causes Yangtze to dry up, sparking shortage of hydropower
  • TUC says government is failing to protect workers from AI harms
  • Assumption University Honors Her Majesty Queen Sirikit The Queen Mother on Her 91st Birthday Anniversary Celebration
  • Self-Service Resetting AU Account Password
  • AU Awards Presentation Christmas 2019 & New Year Celebrations
  • AIS Thai people without E-Waste receive Earth Day
  • Fake ChatGPT Scam Turns into a Fraudulent Money-Making Scheme
  • Assumption University Celebrates the Birthday of H.M. King Maha Vajiralongkorn Phra Vajiraklaochaoyuhua
  • Cookie statement
  • AU Awards Presentation Christmas 2018 & New Year Celebrations
  • Solar-powered electric vehicles move one step closer to market
  • University Honors Thai Traditions with Buddhist Lent Day Observance
  • Early heatwave in Europe
  • AU Awards Presentation Christmas 2017 & New Year Celebrations
  • New threaten the security of iOS and Mac
  • Happy Birthday to “Our Beloved President”
  • Renewable Energy Sources
  • WARNING: Info-Stealer malware as a service
  • Anniversary of the Chapel of St. Louis Marie de Montfort
  • Introduction to using Sharepoint
  • Songkran Festival 2023@AU
  • All presentations clip from TTT 2022 Reinforce: Enterprise IT Infrastructure Day
  • VCU EdPEx Workshop Program
  • Docker Basic
  • AU Chinese New Year Celebration 2023
  • Self-Service Password Resetting System
  • AUAA Team Presented Thai Jasmine Rice to the University
  • Projector not connect? Check cable first
  • Merry Christmas and Happy New Year 2023 Greetings
  • Reset Windows Password with HIREN USB
  • Blessing Ceremonies for Her Royal Highness Princess Bajrakitiyabha Narendira Debyavati, the Princess Rajasarinisiribajra
  • GlobalProtect
  • Ceremony to Mark the Memorial Day of The Late His Majesty King Bhumibol Adulyadej The Great
  • AU Personnel Training Program “Make AU Our Second Home”
  • Common projector issue : No signal input
  • AU Community Received Tung Pan Num Jai
  • Simple WiFi connection script for Windows
  • AU Birthday Celebration of H.M. Queen Suthida Bajrasudhabimalalakshana
  • Google Drive to MS One Drive
  • Digital Marketing Workshop by ISL, VMS for AU personnel towards Digital Era
  • Office 365 Account Settings
  • AU Celebration of H.M.Queen Sirikit The Queen Mother's Birthday
  • How to add an external guest to a Microsoft Team
  • Closing Ceremony of the 50th Anniversary Celebrations of Assumption University
  • Installing Window 7 with USB
  • The 90th Birthday Anniversary of The Great Professor of the Order of St. Gabriel
  • How to kill or cure a virus on a flash drive
  • Celebration of Assumption Day : Assumption Day and Crowning Ceremony
  • Office 365 subscriptions for SMBs
  • AU KM Workshop
  • Using projector remote control - Input selection
  • Digital Marketing Workshop Series: SEO for Beginners
  • 5th AU Digital Marketing Workshop Series
  • Creating tasks and to-do lists in Google Calendar
  • New AU Spark Manual for Student
  • AU Co-Working space to the AU community members
  • New AU Spark Manual for Teacher
  • AU Songkran Celebration 2021
  • Assumption University Receiving COVID-19 Vaccination
  • Things to Know MT
  • AU Celebration of Assumption Day and Crowning Ceremony Assumption Day 2022
  • The Ceremony to Pay Tribute to H.M. Queen Sirikit The Queen Mother
  • Birthday Anniversary of H.M. King Maha Vajiralongkorn Phra Vajiraklaochaoyuhua
  • Meeting with the Department of Disease Control Samut Prakan Province
  • Birthday Celebration of Her Majesty Queen Suthida Bajrasudhabimalalakshana
  • Digital Technologies for Creating Virtual Spaces

 
 
 

 
 
 

ช่องโหว่ใหม่ที่คุกคามระบบความปลอดภัยของ iOS และ Mac 

 

ช่องโหว่ใหม่นี้กระทบอุปกรณ์ที่ใช้ระบบปฏิบัติการ iOS และ MacOS โดยที่หากโจมตีสำเร็จ ผู้โจมตีสามารถเข้าถึงข้อมูลทุกอย่างบนอุปกรณ์ได้ เช่น ประวัติการโทร ภาพถ่าย ข้อความ เป็นต้น

ช่องโหว่ใหม่นี้ถูกค้นพบโดยทีมนักวิจัยจาก Trellix’s Advance Research Center ซึ่งได้เปิดเผยถึงช่องโหว่ที่ hacker สามารถใช้เพื่อข้ามผ่านระบบรักษาความปลอดภัยของ Apple และสามารถรันโค้ดที่ไม่ได้รับอนุญาตได้

ทีมนักวิจัยเผยว่า ช่องโหว่ที่พวกเขาค้นพบนี้ก็อยู่ในส่วนของโค้ดที่ไว้ใช้ป้องกันระบบนั่นเอง 

ช่องโหว่นี้ได้รับการจัดอันดับให้มีความร้ายแรงในระดับกลางถึงสูง ซึ่งสามารถถูกใช้โดย malicious software เพื่อเข้าถึงข้อมูลในอุปกรณ์

Doug McKee ผู้อำนวยการฝ่ายงานวิจัยของ Trellix กล่าวว่า กุญแจสำคัญของช่องโหว่นี้ก็คือมันสามารถที่จะทำลายการป้องกันของ Apple ในระดับพื้นฐานเลย

ช่องโหว่นี้มีความเกี่ยวข้องกับช่องโหว่ที่ถูกค้นพบก่อนนี้จากการโจมตีในแบบที่เรียกว่า ForcedEntry

จากการวิเคราะห์ การโจมตีของ ForcedEntry นั้นมีสองส่วน ส่วนแรกคือต้องทำการ หลอก อุปกรณ์เพื่อจัดติดตั้ง โค้ด บางอย่างลงไป เช่น หลอกให้เปิด PDF ที่ฝังโค้ดไว้โดยทำให้คิดว่าเป็นไฟล์ GIF ส่วนที่สองคือการลอบเร้นผ่าน Apple Sandbox ที่เอาไว้จำกัดขอบเขตการทำงานของโปรแกรมในการเข้าถึงข้อมูล

นักวิจัยอาวุโส Austin Emmitt ตั้งเป้าการวิจัยไปที่ในการทำงานส่วนที่สอง ที่สามารถทำให้หลุดจากการทำงานของ Sandbox ได้

Emmitt ค้นพบ class ที่มีช่องโหว่หลายตัวที่ทำงานอยู่รอบๆ NSPredicate ซึ่งเป็นเครื่องมือที่ใช้ในการกลั่นกรองโค้ดในระบบของ Apple

คุณ McKee กล่าวว่า ช่องโหว่ที่เกิดจาก class ใน NSPredicate นั้น มีใช้งานอยู่ทั่วไปหมดทั้งใน iOS และ MacOS รวมถึงใช้งานในโปรแกรม Springboard ที่ใช้บริหารจัดการ Home Screen ของอุปกรณ์ iPhone ซึ่งสามารถเข้าถึงข้อมูลต่างๆเช่น รูปภาพ หรือแม้กระทั่งควบคุมกล้อง

Hacker ที่จะเจาะระบบผ่านวิธีนี้ จำเป็นต้องหาวิธีในการ ฝัง โปรแกรมของเขาในระบบเสียก่อน ดังนั้น ช่องโหว่ที่ถูกค้นพบไม่ได้หมายถึงมันเป็ช่องโหว่เครื่องทั้งหมดจะถูกโจมตีได้ทันที

Apple ได้ออกแพทช์สำหรับช่องโหว่ใน NSPredicate ใน MacOS 13.2 และ iOS 16.3 เมื่อเดือนมกราคมที่ผ่านมาไปแล้ว แต่ถึงอย่างนั้น ช่องโหว่นี้ก็ยังคงมีอยู่ ซึ่งคาดว่าทาง Apple จะออกแพทช์มาเพื่อแก้ไขปัญหานี้ต่อไป

 

แปลและเรียบเรียงจาก https://www.dawn.com/news/1738499

 

 

Office of Information Technology Services :

Hua Mak Campus
E Building 1st floor,
592/3 Soi Ramkhamhaeng 24, Ramkhamhaeng Rd.
Hua Mak, Bang Kapi , Bangkok 10240, Thailand

Office of Information Technology Services :

Suvarnabhumi Campus
Srisakdi Charmonman IT Building 3rd floor,
88 Moo 8 Bang Na-Trad Km. 26
Bang Sao Thong, Samut Prakan 10570, Thailand

(66) 0-2300-4543-62 Ext. 3333

helpdesk@au.edu

AU ITS Line

(66) 0-2723-2833

helpdesk@au.edu

AU ITS Line
Copyright © 2022 Office of Information Technology Services. All Rights Reserved.