Google fixes actively exploited Android zero-day CVE-2025-48595 in June 2026 security update

Google released Android security updates that fix an actively exploited flaw affecting devices running Android 14 and later. The zero-day, CVE-2025-48595, is a high-severity Android Framework vulnerability that Google says has seen limited, targeted exploitation and that can let a local attacker achieve code execution and privilege escalation. In total, the June 2026 bulletins patch 124 vulnerabilities, including 18 critical issues across Framework, System, Qualcomm components, and other closed-source and kernel-related parts.
Why it matters: People and organizations using Android devices may be exposed to a flaw already being used in real attacks, even if only in targeted cases. Apply the June 2026 Android security update as soon as your device vendor makes it available, with particular urgency for Pixel users and higher-risk targets.

Sources

CISA warns of active attacks exploiting Android, Linux bugs
Bill Toulas 2026.06.03 98% relevant
This article updates the same underlying event around CVE-2025-48595 by adding that CISA has now placed the Android privilege-escalation flaw in the KEV catalog and set a June 5 remediation deadline for federal agencies.

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
The Hacker News 2026.06.02 97% relevant
This article appears to cover the same June 2026 Android security release, adding that Google patched 124 total flaws in the update while including the actively exploited zero-day CVE-2025-48595.

Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
Eduard Kovacs 2026.06.02 99% relevant
This article reports the same June 2026 Android security update and the same exploited zero-day, CVE-2025-48595, adding that the release patches 124 vulnerabilities total, including 18 critical issues and one additional remote code execution bug, CVE-2026-0059.

Google fixes one actively exploited Android zero-day, 124 flaws
Sergiu Gatlan 2026.06.02 100% relevant
This article establishes a new tracked story because it is the first item here about Google's June 2026 Android patch cycle and the actively exploited Android zero-day CVE-2025-48595.