Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Mycelium Framework: First AI-as-a-Service Botnet Discovered
July 8, 2026
Critical SharePoint RCE Vulnerability CVE-2023-29357 Gets PoC Exploit Code
July 8, 2026
Critical Android 14 vulnerability lets attackers gain full control
July 8, 2026
Home/CyberSecurity News/Critical Android 14 vulnerability lets attackers gain full control
CyberSecurity News

Critical Android 14 vulnerability lets attackers gain full control

Key Takeaways A new full-chain exploit, dubbed “IonStack,” can grant attackers complete control over Android devices through a single malicious URL click. The exploit leverages two...

Emy Elsamnoudy
Emy Elsamnoudy
July 8, 2026 3 Min Read
3 0

Key Takeaways

  • A new full-chain exploit, dubbed “IonStack,” can grant attackers complete control over Android devices through a single malicious URL click.
  • The exploit leverages two previously unknown zero-day vulnerabilities: one affecting Firefox (all versions prior to v151.0.2) and another in the Linux kernel (present for approximately 15 years).
  • Developed by Nebula Security, IonStack represents the first public demonstration of a full browser-to-kernel root for Android 17.
  • While not found in the wild, the disclosure highlights the critical need for immediate browser updates and future Linux kernel patches.

“IonStack” Exploit Chains Firefox and Linux Kernel Zero-Days for Full Android Control

Cybersecurity firm Nebula Security has unveiled a critical full-chain exploit, dubbed “IonStack,” demonstrating how a single click on a malicious URL can lead to an attacker gaining complete control over an Android device. This proof-of-concept, which the company claims is the world’s first public Android 17 root demonstration, meticulously chains together two zero-day vulnerabilities to achieve remote code execution and privilege escalation without any further user interaction.

Table Of Content

  • Key Takeaways
  • “IonStack” Exploit Chains Firefox and Linux Kernel Zero-Days for Full Android Control
  • The Dual Zero-Day Attack Chain
  • Consequences of Kernel Compromise
  • Automated Detection and Responsible Disclosure
  • What You Should Do

The Dual Zero-Day Attack Chain

The IonStack exploit capitalizes on two previously undisclosed vulnerabilities:

  • Firefox Zero-Day: This flaw affects all versions of the Firefox browser prior to v151.0.2. It serves as the initial entry point, allowing an attacker to compromise the browser’s renderer process when a victim visits or clicks a specially crafted URL.
  • Linux Kernel Zero-Day: A long-standing vulnerability, present in mainstream Linux distributions for approximately 15 years, enables the attacker to escalate privileges from the confined browser sandbox to full kernel-level control.

The attack progresses by first exploiting the Firefox vulnerability to gain a foothold within the browser. From there, it pivots to the underlying Linux kernel, which powers the Android operating system, effectively breaking out of all sandbox restrictions. Nebula Security showcased this capability, stating, “We’re celebrating by bringing you the world’s first Android 17 root demo — “IonStack”, a url click can let attacker fully control your phone. This is not only an an Android root demo. We’re bringing you a full chain browser-to-kernel… pic.twitter.com/AvcpdCUvpj” on June 24, 2026.

Consequences of Kernel Compromise

Once an attacker achieves kernel access, they effectively “own” the compromised device. This level of control grants extensive capabilities, including the ability to exfiltrate sensitive data, conduct pervasive surveillance, install persistent backdoors, and maintain full remote control over the device and its functions.

Automated Detection and Responsible Disclosure

Both zero-day vulnerabilities were discovered by VEGA, Nebula Security’s proprietary automated code scanning agent. Nebula Security highlights that VEGA proved superior to comparable security tools, including the Mythos scanner, in identifying these deeply embedded flaws. Researchers noted that VEGA’s ability to uncover a 15-year-old kernel bug underscores the effectiveness of automated static and dynamic analysis in detecting vulnerabilities that have eluded manual reviews and existing tools for over a decade.

Browser-to-kernel exploit chains represent one of the most severe threats in the mobile security landscape. They require minimal user interaction (a single click) and are designed to bypass multiple layers of operating system-level sandboxing, making them particularly dangerous. The longevity of the Linux kernel flaw—15 years—serves as a stark reminder of the persistent challenge posed by legacy code in widely adopted open-source components. Such vulnerabilities can persist for years, impacting billions of devices running Android and other Linux-based systems.

Nebula Security has confirmed that the vulnerabilities were disclosed responsibly to the relevant parties and were not observed being exploited in the wild prior to their research. This positions IonStack as a defensive demonstration of potential threats rather than an active in-the-wild attack.

What You Should Do

  • Update your Firefox browser to version v151.0.2 or later immediately to mitigate the browser-based zero-day.
  • Monitor official channels for forthcoming Linux kernel patches that will address the disclosed CVE once it is assigned and publicly released.
  • Enterprises and IT departments should prioritize and accelerate patch management cycles for both browser and kernel components across their device fleets.
  • Security teams should consider integrating advanced automated vulnerability scanning tools, similar to VEGA, into their continuous integration/continuous deployment (CI/CD) pipelines to enhance ongoing threat detection.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackCVEExploitPatchSecurityThreatVulnerabilityzero-day

Share Article

Emy Elsamnoudy

Emy Elsamnoudy

Emy is a cybersecurity analyst and reporter specializing in threat hunting, defense strategies, and industry trends. With expertise in proactive security measures, Emily covers the tools and techniques organizations use to detect and prevent cyber attacks. She is a regular speaker at security conferences and has contributed to industry reports on threat intelligence and security operations. Emily's reporting focuses on helping organizations improve their security posture through practical, actionable insights.

Previous Post

CISA Warns of Adobe ColdFusion Path Traversal Vulnerability Exploited in Attacks

Next Post

Critical SharePoint RCE Vulnerability CVE-2023-29357 Gets PoC Exploit Code

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Discord Bug Mistakenly Banned Over 8,000 Accounts Since May
July 8, 2026
China-Linked Hackers Exploit Critical Ruckus Router Flaws
July 8, 2026
Critical GhostLock Vulnerability in Linux Kernel Lets Attackers Escalate Privileges
July 8, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
David kimber
David kimber
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us