Chain of Exploitation
A new proof of concept attack called IonStack demonstrates how a single click on a malicious URL can give an attacker complete control over an Android device. Developed by Nebula Security, this exploit is described as the first public demonstration of a full Android 17 root compromise. It connects two previously unknown vulnerabilities: a Firefox zero day affecting all versions before v151.0.2 and a Linux kernel flaw that has been present in mainstream distributions for approximately 15 years. The attack begins by compromising the Firefox renderer process through the browser vulnerability, then uses the kernel flaw to break out of the browser sandbox and escalate privileges to the kernel level.
Impact and Remediation
Once kernel access is obtained, the attacker can exfiltrate data, install persistent backdoors, conduct surveillance, and remotely control the device. The kernel bug was detected by Nebula Security’s automated scanning agent VEGA, which the team says outperformed comparable tools like Mythos in identifying deeply embedded flaws. The long dwell time of the 15 year old kernel bug underscores how legacy code in widely deployed open source components can harbor critical vulnerabilities affecting billions of Android and Linux based devices. Users should update Firefox to version v151.0.2 or later immediately and watch for Linux kernel patches once the CVE is assigned. Nebula states the vulnerabilities were disclosed responsibly and were not exploited in the wild before their research.
Source: Cyber Security News
