Google has released its June 2026 Android security update, addressing 124 vulnerabilities, including a zero-day that has been actively exploited in attacks. The zero-day, identified as CVE-2025-48595, is a high-severity privilege escalation flaw in Android's Framework component. Google indicates that this vulnerability is under limited, targeted exploitation, although specific attack details remain undisclosed.

The rise of commercial spyware vendors has significantly contributed to the prevalence of zero-day exploits against Android devices. These vendors develop and sell advanced attack chains, usually to government clients, and Google's research teams often uncover these exploits. Apart from the zero-day, 18 vulnerabilities in the latest update have been labeled critical, affecting the Framework, System, and Qualcomm components. Exploitation could result in privilege escalation or denial of service.

The remaining vulnerabilities have been rated as high severity, affecting the System, Framework, and Kernel components, as well as components from providers like Imagination Technologies, MediaTek, Unisoc, and Qualcomm. Most of these vulnerabilities can also lead to privilege escalation or denial of service, with a few posing risks of information disclosure. Notably, a System vulnerability tracked as CVE-2026-0059 can enable remote code execution, highlighting the critical need for timely updates.