Google's June 2026 Android security patches address 124 vulnerabilities, including an actively exploited zero-day (CVE-2025-48595, CVSS 8.4 HIGH). This high-severity flaw in the Android Framework allows local attackers to execute code and escalate privileges on devices running Android versions 14.0, 15.0, and 16.0. The patches are delivered via two security patch levels, 2026-06-01 and 2026-06-05, with the latter being more comprehensive.
Vulnerability Management Google releases June Android security patches addressing 124 vulnerabilities, including 1 zero-day June 2, 2026 Share By SC Staff (Credit: prima91 – stock.adobe.com) Bleeping Computer reports that Google has released its June 2026 Android security patches, which address a total of 124 vulnerabilities. Among these is a zero-day flaw that has reportedly been exploited in targeted attacks. The actively exploited vulnerability, identified as CVE-2025-48595, is a high-severity flaw in the Android Framework that allows local attackers to gain code execution and escalate privileges on devices running Android 14 or later. Google indicated that this vulnerability may be under limited, targeted exploitation, a characteristic often associated with commercial spyware or nation-state operations targeting high-profile individuals. In addition to this zero-day, the update includes fixes for 18 critical vulnerabilities across System, Framework, and Qualcomm components. One critical flaw in the Framework component could allow for remote escalation of privilege without user interaction. Google released two patch levels, 2026-06-01 and 2026-06-05, with the latter including all fixes from the former plus additional patches for third-party and kernel subcomponents. While Pixel devices receive updates immediately, other manufacturers may take longer to implement them. Source: Bleeping Computer SC Staff Related Vulnerability Management Most organizations that miss 24-hour patch window report breaches Steve Zurier June 2, 2026 Study points out that AI has shattered the model of patching on a two- to four-week schedule. Patch/Configuration Management CISA orders agencies to patch critical Oracle WebLogic Server vulnerability SC Staff June 2, 2026 The vulnerability, CVE-2024-21182, affects Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. Vulnerability Management Microsoft denies legal action against researchers after slamming BlueHammer publisher Laura French June 2, 2026 The company was criticized after a blog posted that suggested law enforcement involvement. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Bug Buffer Overflow Disassembly You can skip this ad in 5 seconds