Critical Android remote root exploit chain disclosed

coolapk.com · ⭐️ 9/10 · 2026-07-08

Nebula Security disclosed a remote root exploit chain targeting all Android versions, combining a Firefox browser vulnerability (affecting version 151.0.2 and earlier) and a 15-year-old Linux kernel flaw (CVE-2026-43499, GhostLock), with proof-of-concept code released on GitHub. This exploit chain allows attackers to gain persistent root access on any Android device by simply tricking a user into clicking a malicious link, posing a severe security risk to billions of users and potentially leading to widespread exploitation. The attack leverages a remote code execution vulnerability in Mozilla Firefox and the GhostLock kernel flaw for privilege escalation, enabling attackers to execute arbitrary commands via ADB and implant files for persistent control.

Background

Android Debug Bridge (adb) is a command-line tool for debugging and managing Android devices, often used for development. A remote root exploit allows an attacker to gain superuser (root) access over a network. The GhostLock vulnerability is a local privilege escalation flaw in the Linux kernel that has remained undetected for 15 years.

References

Read original