• Category: Security
  • Status: confirmed
  • Sources: Android Security Bulletin
  • Summary: Google's June 2026 Android Security Bulletin patches 124 CVEs across two patch levels (2026-06-01 and 2026-06-05). CVE-2025-48595 (CVSS 8.4) is a privilege escalation in the Framework component requiring no user interaction, actively exploited in the wild. It affects Android 14, 15, 16, and 16 QPR2. Security patch level 2026-06-05 or later addresses all issues. 18 CVEs are rated critical.
  • Why it matters: Any Android deployment that surfaces Framework-level APIs to untrusted content should prioritize the June update; CVE-2025-48595 requires no user interaction for privilege escalation.

Send feedback on this story