Google has released its June 2026 Android security update, addressing a total of 124 vulnerabilities affecting the Android operating system, including one high-severity flaw that has reportedly been actively exploited in limited targeted attacks. The update, published on June 2, includes fixes across multiple Android components and hardware platforms, reinforcing efforts to strengthen security protections for users running supported Android devices. Among the patched vulnerabilities, Google highlighted CVE-2025-48595, a flaw affecting the Android Framework component that has drawn attention due to indications of active exploitation.
Tracked as CVE-2025-48595 and carrying a Common Vulnerability Scoring System score of 8.4, the vulnerability has been classified as a privilege escalation issue capable of being exploited without any user interaction. According to details published through the Common Vulnerabilities and Exposures database, the flaw exists due to an integer overflow issue found in multiple locations within the Android Framework. Researchers explained that successful exploitation could potentially allow local code execution and privilege escalation without requiring additional execution permissions. Devices running Android versions 14, 15, 16, and Android 16 Quarterly Platform Release 2 are reportedly affected by the issue. Google stated that there are indications suggesting the flaw may currently be under limited and targeted exploitation, although the company has not disclosed information regarding threat actors, targeted victims, or the scale of attacks observed in the wild.
Security researchers have frequently noted that vulnerabilities involving privilege escalation and silent exploitation methods are particularly concerning because they can enable attackers to compromise devices without requiring direct interaction from users. Similar Android weaknesses in previous years have reportedly been leveraged by commercial spyware developers targeting journalists, activists, political figures, and other high-profile individuals through highly focused surveillance campaigns. While Google has not linked the current activity to any specific groups or operations, the company’s acknowledgment of active exploitation has increased urgency surrounding patch deployment for affected users and device manufacturers. Alongside the Framework flaw, Google also addressed multiple vulnerabilities within Android System components, with some of the most severe weaknesses also carrying the potential for local privilege escalation without requiring additional execution privileges.
As part of the June 2026 release, Google introduced two separate security patch levels identified as 2026-06-01 and 2026-06-05. The second patch level includes all fixes contained in the first release while adding security updates related to the Android kernel and third-party chipset vendors including Imagination Technologies, MediaTek, Qualcomm, and Unisoc. Following Google’s update, the U.S. Cybersecurity and Infrastructure Security Agency added CVE-2025-48595 to its Known Exploited Vulnerabilities catalog on June 2, 2026, directing Federal Civilian Executive Branch agencies to remediate the issue by June 5, 2026. The inclusion of the flaw in the agency’s catalog reflects concerns surrounding its exploitation status and the need for rapid mitigation across government-managed environments and supported Android devices.
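As an added example (not code from Google's bulletin or from this article's sources), the following Python triage script sorts a device fleet by the two patch levels and the affected releases named above. The inventory rows and status names are constructed; the release and patch strings are assumed to come from the `ro.build.version.release` and `ro.build.version.security_patch` system properties, and the CVE-2025-48595 Framework fix is assumed to ship in the first level, since the article says the second level adds kernel and chipset vendor fixes.

```python
from datetime import date

# Values taken from the article above.
LEVEL_FIRST = date(2026, 6, 1)    # first June 2026 patch level
LEVEL_SECOND = date(2026, 6, 5)   # adds kernel and chipset vendor fixes
# Assumption: Android 16 QPR2 still reports release "16".
AFFECTED_RELEASES = {"14", "15", "16"}

# Constructed sample inventory: (device name, release, security patch string).
INVENTORY = [
    ("pixel-a", "16", "2026-06-05"),
    ("tablet-b", "15", "2026-06-01"),
    ("phone-c", "14", "2026-05-05"),
    ("kiosk-d", "13", "2025-03-01"),
    ("phone-e", "15", ""),
]

def parse_patch_level(raw):
    """Return a date for a 'YYYY-MM-DD' patch string, or None if unusable."""
    try:
        return date.fromisoformat(raw.strip())
    except (AttributeError, ValueError):
        return None

def classify(release, patch_raw):
    """Map one device to a triage status (status names are hypothetical)."""
    level = parse_patch_level(patch_raw)
    if level is None:
        return "UNKNOWN"              # treat as unpatched until verified
    major = str(release).split(".")[0].strip()
    if major not in AFFECTED_RELEASES:
        return "RELEASE_NOT_LISTED"   # not among the releases the article names
    if level >= LEVEL_SECOND:
        return "SECOND_LEVEL"         # first-level fixes plus kernel/vendor fixes
    if level >= LEVEL_FIRST:
        return "FIRST_LEVEL_ONLY"     # kernel and chipset fixes still pending
    return "BELOW_FIRST_LEVEL"        # predates the June 2026 fixes

def triage(inventory):
    """Return {device name: status} for every inventory row."""
    return {name: classify(rel, patch) for name, rel, patch in inventory}

if __name__ == "__main__":
    for name, status in triage(INVENTORY).items():
        print(f"{name:10} {status}")
```

Devices reported as `BELOW_FIRST_LEVEL` or `UNKNOWN` are the ones to prioritise against the June 5, 2026 remediation date cited above.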





