IT-Connect » Tech News » Android June 2026 Patch Fixes an Actively Exploited Zero-Day

Android robot with a glowing shield in a high-tech server room, announcing Patch Jun 2026.
Tech News

Android June 2026 Patch Fixes an Actively Exploited Zero-Day

Florian Burnel 0 Comments

Google has released the June 2026 security patches for Android. In total, the Mountain View company has fixed no fewer than 124 vulnerabilities, including a zero-day security flaw that is being exploited in targeted attacks. Here’s what you need to know.

CVE-2025-48595: an exploited zero-day flaw

Let’s start with the zero-day security flaw, since it deserves special attention because it is already being exploited. Associated with the reference CVE-2025-48595 and a score of 8.4 out of 10, it affects the Android Framework component. It could allow local attackers to execute arbitrary code and gain privilege escalation on affected Android smartphones and tablets.

"No user interaction is required for exploitation.", Google states.

The American company adds another important detail in its security bulletin published on June 1, 2026: "It appears that CVE-2025-48595 is the subject of limited, targeted exploitation." - As always, Google has shared no technical details about this flaw or the attacks observed.

Since targeted attacks are involved, this vulnerability is likely being exploited as part of espionage campaigns and/or by state-backed threat actors. That would be the usual pattern, but it remains to be confirmed.

Overall tally: 124 vulnerabilities fixed and 18 critical flaws

Beyond this zero-day, Google has fixed a total of 124 security flaws across the various components used by Google. Among them are 18 critical vulnerabilities spread across the system, the Android Framework, and proprietary components supplied by Qualcomm.

"Exploiting many issues on Android is made harder by improvements in newer versions of the Android platform. We encourage all users to upgrade to the latest version of Android, if possible.", Google reminds users.

The rollout of these fixes is organized into two distinct security patch levels:

  • Security patch level 2026-06-01
  • Security patch level 2026-06-05, which includes all fixes from the first group while also adding specific patches for kernel subcomponents and proprietary components (which may not affect all Android devices).

From here, all that remains is to wait for your smartphone manufacturer to bundle these fixes into a future update. And if you own a Google Pixel, you’ll get them first, as always.

Source

author avatar
Florian Burnel Co-founder of IT-Connect
Systems and network engineer, co-founder of IT-Connect and Microsoft MVP "Cloud and Datacenter Management". I'd like to share my experience and discoveries through my articles. I'm a generalist with a particular interest in Microsoft solutions and scripting. Enjoy your reading.
See Full Bio
social network icon social network icon social network icon
Share on X Share on Facebook Share on Linkedin Send by e-mail

You May Also Like

Brand illustration: bold 'CIFSwitch' text to the left with a neon-red outline, and Tux the Linux penguin sitting on a glowing server switch with a red crown above.

CIFSwitch: 19-Year-Old Linux Flaw Grants Root Access

Florian Burnel 0
Windows 11 wallpaper featuring the taskbar with a search/command bar and app icons, IT-Connect watermark in the corner.

Microsoft Is Modernizing the Windows 11 Run Dialog

Florian Burnel 0
Laptop on a wooden desk displaying Windows 11 wallpaper, with a large Windows 11 text and a circular refresh icon accompanied by a red X, implying an error or failure

April Windows Update Breaks Backups: Affected Software List

Florian Burnel 0

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.