- Google has patched a critical Android flaw under active exploitation, identified as CVE-2025-48595.
- The vulnerability allows local privilege escalation without user interaction and impacts Android versions 14 through 16.
- June’s security update addresses 124 vulnerabilities across Framework and System components.
On Monday, June 2, 2026, Google released patches for 124 security vulnerabilities in its Android operating system. This monthly update included one high-severity Framework flaw that is being actively exploited in the wild.
Tracked as CVE-2025-48595, the flaw is a privilege escalation issue requiring no user interaction. It impacts devices running Android versions 14, 15, 16, and 16 QPR2, according to a description on CVE.org. Google acknowledged indications of “limited, targeted exploitation” but provided no specifics on the actors or targets.
Similar flaws have historically been weaponized by commercial spyware vendors. Several vulnerabilities were also patched in the System component.
The company released two sets of patches, corresponding to the 2026-06-01 and 2026-06-05 security patch levels. The latter includes all fixes from the first set plus patches for kernel and third-party chipset components.
