IonStack: Android 17 Two-Bug Chain Disclosed by Nebula Security
A security research firm has disclosed a two-vulnerability exploit chain named IonStack that affects Android 17. Nebula Security identified both vulnerabilities and has already notified the relevant developers. The company reports no evidence of real-world attacks using this technique.
What You Should Do Right Now
The browser-side vulnerability affects Firefox versions prior to 151.0.2. Mozilla has already patched this flaw. Users should update Firefox to version 151.0.2 or later immediately. The second vulnerability resides in the Linux kernel that underlies Android. A kernel-level patch has not yet been released. Users should apply the corresponding system update as soon as it becomes available.
How the Vulnerabilities Were Found
Nebula Security discovered both vulnerabilities using its automated code analysis tool, VEGA. The company states the kernel-side flaw had been present in the codebase for approximately 15 years. Previous reviews had not detected it. The research represents the first known public demonstration of root access on Android 17 achieved through a single user interaction.
Responsible Disclosure Status
Nebula Security emphasizes that IonStack is a proof-of-concept demonstration created for responsible disclosure purposes. It is not a confirmed tool in active use by threat actors. The company has shared full technical details with the affected vendors and is cooperating with the disclosure process.
Recommendations
For individual users, the most effective immediate step is updating Firefox to 151.0.2 or newer. Organizations should prioritize browser and OS updates across corporate devices. They should also watch for upcoming kernel patches and deploy them promptly.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.