The bottom line: An Android Framework bug enables privilege escalation without user interaction and is already being exploited in the field.
Google released security updates for 124 vulnerabilities in Android in June 2026. Among them is a critical vulnerability (CVE-2025-48595, CVSS 8.4) in the Framework component that is already actively exploited.
Google released its monthly security patches for Android on Monday. The June 2026 update addresses a total of 124 vulnerabilities in the operating system. One of these is classified as critical and is already being actively exploited.
The exploited security vulnerability is designated CVE-2025-48595 and has a CVSS score of 8.4. It affects the Framework component of Android and enables privilege escalation without requiring user interaction – an attacker can exploit the vulnerability remotely to gain elevated system privileges.
For CISOs, this raises the priority of rolling out the update: the combination of active exploitation and no required user interaction means immediate risk for Android deployments in enterprise environments. The available patches should be incorporated into the update strategy as quickly as possible to prevent attacks on devices in the network.
Source: thehackernews.com · Published June 2, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.