Particle.news

Google Patches Actively Exploited Android Zero-Day in June Security Update

The update fixes an integer overflow in the Android Framework that allowed local, no-interaction privilege escalation on Android 14 and later.

Overview

  • Google released the June 2026 Android security bulletin on Tuesday and included fixes for 124 vulnerabilities, one of which it says may have been under limited, targeted exploitation.
  • The flaw, tracked as CVE-2025-48595, is an integer overflow in the Android Framework that can let a local attacker execute code and escalate privileges to take full control of a device.
  • Successful exploitation does not require user interaction and is likely carried out by malicious apps that run locally on Android 14, 15, 16 and 16 QPR2 devices.
  • Google issued two patch levels, 2026-06-01 for core OS fixes and 2026-06-05 for kernel and closed-source chipset fixes, and said Pixel devices can update immediately while other OEMs and chipset vendors may take longer to roll out patches.
  • Google will publish AOSP source patches within 48 hours and has raised bounty payouts for high-impact Android exploits, but it has not released technical details of the active attacks, so users should update promptly and avoid installing untrusted apps.
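The bulletin names the bug class (an integer overflow in the Android Framework) but, as noted above, Google has not published the affected code. The C program below is an added illustration of that class, not Google's, AOSP's or the vulnerable code: a record header with a caller-supplied count and element size (a constructed stand-in for data a local app could pass over IPC) is multiplied once without an overflow check and once with `__builtin_mul_overflow` (GCC/Clang), showing how the unchecked product wraps to a small value while the checked version rejects it.

```c
// Added example, not from the bulletin or from Android sources.
// Demonstrates the "integer overflow in size arithmetic" bug class and the
// checked arithmetic that defends against it.
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header as an untrusted local caller might supply it. */
struct header {
    uint32_t count;      /* number of elements */
    uint32_t elem_size;  /* bytes per element */
};

/* Unchecked: the 32-bit product wraps modulo 2^32, so a later allocation of
   the returned size would be far too small for 'count' elements. */
uint32_t total_bytes_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Checked: refuses any product that does not fit in 32 bits, and also caps
   the total at a constructed upper bound (1 MiB) as a sanity limit.
   Returns 0 on rejection so callers cannot accidentally proceed. */
size_t total_bytes_checked(uint32_t count, uint32_t elem_size) {
    uint32_t total;
    if (__builtin_mul_overflow(count, elem_size, &total))
        return 0;
    if (total > (1u << 20))
        return 0;
    return (size_t)total;
}

/* Compares both computations for one header; returns true when the checked
   path rejects an input that the unchecked path silently wrapped. */
bool wrap_is_caught(struct header h) {
    uint64_t exact = (uint64_t)h.count * (uint64_t)h.elem_size;
    bool wrapped = exact > UINT32_MAX &&
                   total_bytes_unchecked(h.count, h.elem_size) != exact;
    return wrapped && total_bytes_checked(h.count, h.elem_size) == 0;
}

int main(void) {
    /* Constructed inputs: 65536 * 65537 = 2^32 + 65536, wraps to 65536. */
    struct header bad = { 0x10000u, 0x10001u };
    struct header ok  = { 4u, 16u };
    printf("unchecked(bad) = %u, checked(bad) = %zu, caught = %d\n",
           total_bytes_unchecked(bad.count, bad.elem_size),
           total_bytes_checked(bad.count, bad.elem_size),
           (int)wrap_is_caught(bad));
    printf("unchecked(ok) = %u, checked(ok) = %zu\n",
           total_bytes_unchecked(ok.count, ok.elem_size),
           total_bytes_checked(ok.count, ok.elem_size));
    return 0;
}
```

The same pattern applies to Java-side framework code, where `Math.multiplyExact` and `Math.addExact` throw on overflow; in either language the defensive rule is to compute untrusted sizes in checked arithmetic and fail closed before any allocation or copy uses the result.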