Google June 2026 Android Update Fixes 124 Flaws, One Actively Exploited

Google has rolled out its June 2026 Android security bulletin, addressing 124 vulnerabilities across the mobile operating system, including a high-severity privilege escalation flaw that is already being exploited in the wild. Tracked as CVE-2025-48595, the vulnerability carries a CVSS score of 8.4 and stems from an integer overflow that could allow local code execution without requiring user interaction or additional execution privileges. The flaw impacts devices running Android 14, 15, 16, and 16 QPR2, placing hundreds of millions of consumer and enterprise devices at risk if left unpatched.

Google has confirmed there are indications that CVE-2025-48595 is under limited, targeted exploitation, though the company stopped short of disclosing threat actors, victimology, or campaign scope. Historically, vulnerabilities of this nature have been weaponized by commercial spyware vendors to surveil journalists, dissidents, and corporate executives. Beyond the actively exploited Framework bug, the bulletin also patches multiple high-severity flaws in the System component that could similarly result in local privilege escalation with no extra execution privileges required.

The update is split across two patch levels: 2026-06-01 covers core Android components, while 2026-06-05 includes those fixes alongside patches for kernel-level and third-party chipset vulnerabilities from Imagination Technologies, MediaTek, Qualcomm, and Unisoc. OEMs are expected to begin rolling out the security update to supported devices in the coming weeks. Users are strongly advised to verify their patch level and install updates as soon as they become available, as delays could expose devices to drive-by exploitation and forensic-style spyware implants. Security-conscious users can also run a quick privacy checkup to review device exposure and check whether their associated accounts have appeared in known data breaches, while ensuring all credentials are protected using a strong password checker to prevent follow-on account compromise.