Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Google patched 124 Android vulnerabilities in June 2026, including CVE-2025-48595, a high-severity privilege escalation flaw (CVSS 8.4) in the Framework component that is actively exploited in the wild. The vulnerability affects Android 14, 15, 16, and 16 QPR2, allowing code execution through integer overflow without user interaction. This is a weaponized flaw with limited but confirmed real-world exploitation.

CRITICALAdvisoryJun 04, 2026

Action required

Immediately identify and patch all Android 14, 15, 16, and 16 QPR2 devices to the June 2026-06-05 patch level or later. Prioritize devices in high-risk roles (executive, engineering, infrastructure access). Monitor endpoint logs for suspicious Framework component activity and unexpected privilege escalations.

Affected products

GoogleAndroidQualcommMediaTekImagination Technologies

CVE IDs

CVE-2025-48595

Linked articles

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

Source links

https://thehackernews.com/2026/06/google-june-2026-android-update-patches.html