Google on Monday launched patches for 124 safety vulnerabilities impacting its Android working system for the month of June 2026, together with one high-severity flaw within the Framework part that has come below lively exploitation.
Tracked as CVE-2025-48595 (CVSS rating: 8.4), the safety flaw has been described as a case of privilege escalation with out requiring any consumer interplay. The vulnerability impacts units operating Android variations 14, 15, 16, and 16 QPR2 (Quarterly Platform Launch 2).
“In a number of places, there’s a potential technique to obtain code execution as a result of an integer overflow,” in accordance with a description of the vulnerability on CVE.org. “This might result in native escalation of privilege with no further execution privileges wanted. Consumer interplay isn’t wanted for exploitation.”
Google has acknowledged there are indications that CVE-2025-48595 could also be below “restricted, focused exploitation.” As is usually the case, the tech large didn’t reveal any specifics about who might have been behind the exercise, the targets affected, and the dimensions of such efforts.
That stated, comparable flaws have been weaponized by industrial spyware and adware distributors to focus on high-profile people as a part of extraordinarily focused assaults.
Elsewhere, plenty of vulnerabilities have been patched within the System part, probably the most extreme of which may result in native escalation of privilege with no further execution privileges wanted.
Google has launched two units of patches – 2026-06-01 and 2026-06-05 safety patch ranges – with the latter together with all fixes from the primary set, together with patches for kernel and third-party chipset elements from Creativeness Applied sciences, MediaTek, Qualcomm, and Unisoc.
