Google has released its June 2026 Android security update, addressing 124 vulnerabilities, including a high-severity flaw actively exploited in the wild.
Google’s June 2026 Android Update Fixes 124 Vulnerabilities, Including Actively Exploited Flaw
On June 2, 2026, Google rolled out its monthly security update for Android, patching 124 vulnerabilities across various components. Notably, this update addresses CVE-2025-48595, a high-severity privilege escalation flaw in the Framework component, which has been actively exploited.
Details of CVE-2025-48595:
CVE-2025-48595 is an integer overflow vulnerability that allows attackers to execute code without user interaction. It affects devices running Android versions 14, 15, 16, and 16 QPR2. Google has acknowledged indications of limited, targeted exploitation of this flaw.
Additional Vulnerabilities Addressed:
The update also fixes several other vulnerabilities, including:
– System Component Flaws: Multiple issues that could lead to local privilege escalation without additional execution privileges.
– Kernel and Third-Party Component Vulnerabilities: Patches for components from Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
Patch Levels:
Google has released two patch levels for this update:
– 2026-06-01: Addresses vulnerabilities common to all Android devices.
– 2026-06-05: Includes all fixes from the first patch level, plus additional patches for kernel and third-party components.
Recommendations for Users:
Users are strongly advised to update their devices promptly to mitigate potential security risks. Regularly updating devices ensures protection against known vulnerabilities and enhances overall security.
