Chaining GhostLock with a Firefox 0-day, we managed to remote control any Android device (even the latest Android 17) from a simple URL click. We name this full-chain exploit "IonStack", because it's IonMonkey 0-day in Firefox and a StackOverflow in Linux kernel.
Our blog post -> https://nebusec.ai/research/ionstack-part-2/
Exploit Github -> https://github.com/NebuSec/CyberMeowfia