Bottom line: CVE-2025-48595 in the Android Framework enables privilege escalation on devices running Android 14 or newer, has already been exploited, and is being actively weaponized by commercial spyware and state-sponsored actors against journalists and decision-makers.
Google releases its June 2026 security update for Android with 124 bug fixes, including the critical zero-day vulnerability CVE-2025-48595, which is already being exploited in targeted attacks. The vulnerability enables local attackers to escalate privileges to system administrator level.
Google has released the June 2026 security update, patching 124 Android vulnerabilities. The focus is on the critical zero-day CVE-2025-48595 in the Android Framework – the core software component that provides fundamental functions and application programming interfaces for all applications. The fix is an operating system patch for Android 14 and newer versions.
Google has confirmed the vulnerability is actively exploited: “There is evidence that CVE-2025-48595 may be subject to limited, targeted exploitation.” Local attackers with minimal device access can exploit a buffer error or logic flaw to execute arbitrary malicious code and escalate their privileges to system administrator level. Technical details about attackers and victims have not been released. Comparable framework vulnerabilities have historically been leveraged by commercial spyware vendors or state-sponsored actors for mass surveillance of journalists, politicians, and high-ranking individuals.
In addition to the zero-day, the June updates address 18 vulnerabilities rated as critical in Android system, framework, and Qualcomm components. Particularly noteworthy is a framework vulnerability that enables remote privilege escalation – without requiring additional execution rights or user interaction. This poses a high risk for enterprise devices, as infections can occur entirely undetected in the background.
Google is distributing updates in two staged patch levels: 2026-06-01 for universal open-source components of the core operating system and framework fixes, as well as 2026-06-05 with additional corrections for manufacturer-specific kernel drivers and third-party components. This structure allows smartphone manufacturers to flexibly adapt updates to their infrastructure.
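The two patch levels can be used to triage a device fleet. The following is an added example, not taken from the article or from Google: it buckets devices by the Android release and security patch level they report (on a device these are the `ro.build.version.release` and `ro.build.version.security_patch` properties). The CSV column names and the sample inventory are constructed for illustration.

```python
import csv
import io
from datetime import date

# Patch levels and Android version scope as stated in the article above.
FRAMEWORK_LEVEL = date(2026, 6, 1)   # core OS and framework fixes
VENDOR_LEVEL = date(2026, 6, 5)      # plus kernel-driver and third-party fixes
MIN_AFFECTED_RELEASE = 14            # CVE-2025-48595 scope: Android 14 and newer

def classify(release: str, patch_level: str) -> str:
    """Map one device's reported values to an exposure bucket."""
    try:
        level = date.fromisoformat(patch_level.strip())
        major = int(release.strip().split(".")[0])
    except ValueError:
        return "unknown"             # malformed report: needs manual review
    if level >= VENDOR_LEVEL:
        return "patched-full"
    if level >= FRAMEWORK_LEVEL:
        return "patched-framework-only"
    if major >= MIN_AFFECTED_RELEASE:
        return "exposed-zero-day"
    return "outdated-out-of-cve-scope"

def triage(csv_text: str) -> dict:
    """Group device serials by bucket from an inventory export."""
    buckets: dict = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        bucket = classify(row["release"], row["security_patch"])
        buckets.setdefault(bucket, []).append(row["serial"])
    return buckets

# Constructed sample inventory (column names are assumptions, not an MDM schema).
SAMPLE = """serial,release,security_patch
A001,15,2026-06-05
A002,14,2026-06-01
A003,16,2026-05-05
A004,13,2026-03-01
A005,14,unknown
"""

if __name__ == "__main__":
    for bucket, serials in sorted(triage(SAMPLE).items()):
        print(f"{bucket}: {', '.join(serials)}")
```

Devices in the `patched-framework-only` bucket carry the framework fixes but still lack the manufacturer-specific kernel driver and third-party corrections shipped at the 2026-06-05 level.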
Source: www.it-daily.net · Published 4 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 of the EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.