Google has released the June 2026 Android security patch, which addresses 124 vulnerabilities, including one zero-day flaw that was exploited in a targeted attack.
An actively exploited high-severity Android framework vulnerability (tracked as CVE-2025-48595) may allow a local attacker to execute code and escalate privileges on devices running Android 14 and later.
“There are indications that CVE-2025-48595 may be under limited and targeted exploitation,” the company said Monday in its March 2025 Android Security Bulletin.
“Improvements in new versions of the Android platform make many issues on Android harder to exploit. We encourage all users to update to the latest version of Android whenever possible.”
Google has not yet shared technical details about the flaw or provided further information about the ongoing attacks targeting it, but similar flaws have been exploited in the past by commercial spyware and nation-state operations targeting celebrities and persons of interest.
In this month’s Android security update, Google fixed 18 critical vulnerabilities across the system, framework, and Qualcomm’s closed-source components. An attacker who successfully exploited this vulnerability could cause a denial-of-service condition and potentially escalate privileges on an unpatched Android device.
“The most severe of these issues is a critical security vulnerability in a framework component that could lead to remote privilege escalation without requiring additional execution privileges. No user interaction is needed for exploitation,” Google added.
On Monday, Google issued two sets of patches, security patch levels 2026-06-01 and 2026-06-05. The latter bundles all the fixes from the first batch, as well as closed-source third-party and kernel subcomponent patches that may not apply to all Android devices.
While Google Pixel devices receive these security updates immediately, other vendors often take longer to test and adapt them for specific hardware configurations.
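Because the two patch levels differ in what they cover, a device that reports 2026-06-01 has the framework fixes but not the vendor and kernel subcomponent fixes bundled into 2026-06-05. The following Python example, added here and not part of the original article or any Google tooling, parses the `[key]: [value]` lines that `adb shell getprop` prints, reads the standard `ro.build.version.security_patch` property, and classifies the device against the two levels from the bulletin. The sample `getprop` output is constructed for the example; the two patch-level dates are the ones the article names.

```python
import re
from datetime import date

# Patch levels published with the bulletin described above (values from the article).
BASE_LEVEL = "2026-06-01"   # first batch: framework/system fixes
FULL_LEVEL = "2026-06-05"   # first batch plus closed-source vendor and kernel subcomponent fixes

# Constructed sample of `adb shell getprop` output for a device that has not yet
# received this month's update (these lines are invented for the example).
SAMPLE_GETPROP = """\
[ro.build.version.release]: [15]
[ro.build.version.sdk]: [35]
[ro.build.version.security_patch]: [2026-05-05]
[ro.product.model]: [Example Device]
"""

# getprop prints one "[key]: [value]" pair per line.
_PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(output: str) -> dict:
    """Turn getprop's "[key]: [value]" lines into a dict, ignoring malformed lines."""
    props = {}
    for line in output.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def parse_patch_level(value: str) -> date:
    """Parse the YYYY-MM-DD string Android reports in ro.build.version.security_patch."""
    try:
        year, month, day = (int(part) for part in value.strip().split("-"))
        return date(year, month, day)
    except ValueError as exc:
        # Covers both a wrong number of fields and non-numeric or out-of-range fields.
        raise ValueError(f"unrecognised security patch level: {value!r}") from exc


def assess_patch_level(device_level: str, base_level: str = BASE_LEVEL,
                       full_level: str = FULL_LEVEL) -> str:
    """Classify a device's patch level against the bulletin's two levels.

    'complete': at or beyond the -05 level, so vendor/kernel subcomponent fixes are included
    'partial':  at the -01 level only; the closed-source and kernel fixes are not asserted
    'missing':  older than this bulletin, so the framework fixes are not present
    """
    device = parse_patch_level(device_level)
    if device >= parse_patch_level(full_level):
        return "complete"
    if device >= parse_patch_level(base_level):
        return "partial"
    return "missing"


def assess_getprop(output: str) -> dict:
    """Parse getprop output and report the device's patch-level status in one step."""
    props = parse_getprop(output)
    level = props.get("ro.build.version.security_patch")
    if level is None:
        return {"security_patch": None, "status": "unknown"}
    return {"security_patch": level, "status": assess_patch_level(level)}


if __name__ == "__main__":
    # Feed the real output of `adb shell getprop` here to check an actual device.
    print(assess_getprop(SAMPLE_GETPROP))
```

A "partial" result is the case fleet owners most often miss: the device carries this month's framework fixes, but the patch-level string alone says nothing about the closed-source and kernel subcomponent patches, which arrive with the -05 level and, as the article notes, may reach non-Pixel devices later or not at all.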
A Google spokesperson did not respond to a request for comment from BleepingComputer for more information about the attack and its targets.
In December, Google released patches for two other high-severity zero-day flaws (CVE-2025-48633 and CVE-2025-48572), and in March it released a patch for another zero-day flaw in Qualcomm’s display components (CVE-2026-21385). These were all tagged as “under limited and targeted exploitation.”
Last month, Google also overhauled its Android and Chrome vulnerability bounty programs, offering bounties of up to $1.5 million for some Android exploits, while using artificial intelligence (AI) to reduce payouts for easily discovered flaws.