GOOGLE has issued its June 2026 Android security updates, addressing 124 vulnerabilities, including the critical CVE-2025-48595, a privilege escalation flaw with a CVSS score of 8.4 that is actively being exploited in targeted attacks. This vulnerability affects Android versions 14, 15, and 16 and allows attackers to execute code and gain elevated access without user interaction. CISA has added this flaw to its Known Exploited Vulnerabilities catalog, urging federal agencies to remediate it by June 5, 2026.
Google is also addressing the challenge of Android's fragmented update model, which delays patch distribution to non-Pixel devices.