Android June 2026 Update Fixes Zero-Day and 123 Other Flaws
Google patches actively exploited CVE-2025-48595 affecting Android 14+ alongside 123 additional vulnerabilities. Pixel devices get immediate updates—others must wait.
Google released its June 2026 Android security bulletin addressing 124 vulnerabilities across the mobile operating system, including one actively exploited zero-day affecting devices running Android 14 and later. The patches arrive as mobile threats continue escalating, with attackers increasingly targeting smartphones for both espionage and financial theft.
The most serious flaw, CVE-2025-48595, is a high-severity vulnerability in the Android Framework that allows local attackers to escalate privileges and execute arbitrary code on affected devices.
CVE-2025-48595: The Zero-Day
Google confirmed CVE-2025-48595 is under "limited, targeted exploitation" without providing details about the attacks or threat actors involved. The vulnerability affects the Android Framework component and enables privilege escalation without requiring user interaction.
The flaw impacts devices running:
- Android 14
- Android 15
- Android 16 (beta)
Devices on Android 13 and earlier are not affected by this specific vulnerability, though they may be impacted by other issues addressed in this bulletin.
Patch Levels Explained
Google released two security patch levels:
- 2026-06-01: Addresses core Android vulnerabilities including CVE-2025-48595. All device manufacturers should incorporate these fixes.
- 2026-06-05: Bundles the June 1 fixes plus additional patches for closed-source third-party components and kernel subcomponents. This level addresses hardware-specific vulnerabilities that don't affect all Android devices.
Google Pixel devices receive updates immediately. Other manufacturers typically take days to weeks to test and deploy patches for their specific hardware configurations—a persistent gap that leaves non-Pixel users exposed.
Critical and High-Severity Fixes
Beyond the zero-day, the bulletin addresses vulnerabilities across multiple Android components:
- Framework: 8 vulnerabilities including privilege escalation and information disclosure flaws
- System: 15 vulnerabilities affecting core system services
- Kernel: Multiple privilege escalation vectors in kernel subsystems
- Qualcomm components: Closed-source driver vulnerabilities requiring vendor patches
- MediaTek components: Similar vendor-specific issues for MediaTek chipsets
Several vulnerabilities carry critical severity ratings, though Google notes CVE-2025-48595 as the only one with confirmed exploitation.
Connection to Broader Mobile Threats
The Android zero-day arrives amid increased mobile targeting by both nation-state actors and criminal groups. Recent iOS zero-day exploitation shows similar patterns, with mobile devices increasingly viewed as high-value targets.
Malware campaigns such as JINX-0164's targeting of macOS are expanding to Android, with a particular focus on cryptocurrency applications and financial services.
Mitigation Steps
Android users should take these actions:
- Check for updates: Navigate to Settings > Security > Security update and install available patches
- Enable automatic updates: Ensure your device downloads security updates automatically
- Verify patch level: Confirm your device shows "June 5, 2026" or later as the security patch level
- Consider device age: Devices no longer receiving security updates should be replaced
For organizations managing Android device fleets, mobile device management (MDM) solutions can enforce minimum patch levels and restrict access for unpatched devices.
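The patch-level check described above can be automated across a fleet. This Python code is an added example, not taken from Google's bulletin or from any MDM product: it parses `getprop` output (the `[key]: [value]` format printed by `adb shell getprop`) and applies the two patch levels and affected releases named in this article. The device names, status labels and sample dumps are constructed for illustration.

```python
import re
from datetime import date

# Patch levels and affected releases as stated in the article.
CORE_LEVEL = date(2026, 6, 1)   # includes the CVE-2025-48595 fix
FULL_LEVEL = date(2026, 6, 5)   # adds vendor and kernel component fixes
ZERO_DAY_MIN_RELEASE = 14       # Android 14 and later are affected

PROP_RE = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")

def parse_getprop(dump):
    """Parse getprop output lines of the form `[key]: [value]`."""
    props = {}
    for line in dump.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def classify(dump):
    """Return a compliance status (labels are this example's own)."""
    props = parse_getprop(dump)
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        return "unknown"            # missing or malformed level: fail closed
    if patch >= FULL_LEVEL:
        return "compliant"
    if patch >= CORE_LEVEL:
        return "core-only"          # zero-day fixed, 2026-06-05 additions not declared
    major = re.match(r"\d+", props.get("ro.build.version.release", ""))
    if major is None:
        return "unknown"
    if int(major.group()) >= ZERO_DAY_MIN_RELEASE:
        return "zero-day-exposed"   # Android 14+ below 2026-06-01
    return "outdated"               # not hit by the zero-day, other fixes missing

def sample(release, patch):
    # Constructed getprop excerpt, not captured from a real device.
    return (f"[ro.build.version.release]: [{release}]\n"
            f"[ro.build.version.security_patch]: [{patch}]\n")

FLEET = {  # constructed device names and values
    "pixel-a": sample("15", "2026-06-05"),
    "vendor-b": sample("14", "2026-06-01"),
    "vendor-c": sample("14", "2026-05-01"),
    "legacy-d": sample("13", "2026-05-01"),
    "broken-e": sample("15", ""),
}

def audit(fleet):
    return {name: classify(dump) for name, dump in fleet.items()}
```

A device whose patch level cannot be read is reported as `unknown` rather than compliant, so an access policy built on this result denies by default.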
Why This Matters
The gap between Pixel patch availability and broader Android ecosystem updates remains a structural security challenge. Users on Samsung, OnePlus, Xiaomi, and other manufacturers typically wait weeks for the same fixes that Pixel owners receive immediately.
This fragmentation creates a window where attackers can reverse-engineer Pixel patches to develop exploits targeting unpatched devices from other manufacturers. For organizations allowing Android devices on corporate networks, this argues for either mandating Pixel devices or implementing compensating controls for the patch delay period.
For general mobile security guidance, users should keep devices updated, avoid sideloading applications, and be cautious about permission requests from installed apps.