Skip to content

Pwnies

recognize both excellence and incompetence in the field of information security

  • news
  • About
  • noms
  • winners
  • previous
  • team

The 2020 Pwnie Nominee For Best Privilege Escalation Bug

Exploiting the “noowners” Flag – APFS Privilege Escalation

Csaba Fitzl

A user may gain access to protected parts of the file system through APFS snapshot as read-only, with “noowners” flag.

About the security content of macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, CVE-2020-9771

calendar

Apr 19
Nominations open
Jul 19
Nominees announced, Summercon 2024, Brooklyn, NY
Aug 10
Awards Ceremony, 10:00am, DEF CON 32, Las Vegas Convention Center, Las Vegas, NV

awards ceremony

Date
August 10
Time
10:00am PDT
Where
DEF CON 32, Las Vegas Convention Center, Las Vegas, NV

follow us

  • twitter
  • atom feed

Archives

  • Nominations and Winners Archive
Copyright © 2007-2025 Pwnie Awards LLC. Designed by ikonoklasm.