Google Patches Actively Exploited Android Zero-Day in June 2026 Security Update

Google has released its June 2026 Android security updates, addressing 124 vulnerabilities, including one zero-day flaw that has been exploited in targeted attacks.

The actively exploited vulnerability, tracked as CVE-2025-48595, is a high-severity elevation-of-privilege flaw in the Android Framework. According to Google’s June 2026 Android Security Bulletin, there are indications that the issue may be under limited, targeted exploitation.

The vulnerability affects Android 14, Android 15, Android 16, and Android 16 QPR2. Google has not released technical details about the flaw or shared additional information about the attacks or their targets.

This month’s updates also address multiple critical vulnerabilities across Android Framework, System, and Qualcomm closed-source components. The most severe issue in the June bulletin is a critical Framework vulnerability that could allow remote escalation of privilege without requiring additional execution privileges or user interaction.

Google released two Android security patch levels for June: 2026-06-01 and 2026-06-05. Devices updated to the 2026-06-01 patch level receive fixes for vulnerabilities included in the first patch set, while devices updated to the 2026-06-05 patch level receive all fixes from the June bulletin, including additional kernel, third-party, and vendor component updates.

Pixel devices typically receive Android security updates quickly, while other Android manufacturers may take longer to test and release updates for their specific devices and hardware configurations.

Users are strongly encouraged to install the latest Android security update as soon as it becomes available and to keep Google Play Protect enabled, especially on devices that install apps from outside the Google Play Store.