Google Patches Android Zero-Day CVE-2025-48595 in June 2026 Update, Fixing Dozens More Flaws
Updated
Updated · CyberInsider · Jun 2
Google Patches Android Zero-Day CVE-2025-48595 in June 2026 Update, Fixing Dozens More Flaws
3 articles · Updated · CyberInsider · Jun 2
June 2026 Android patches close CVE-2025-48595, a high-severity Framework privilege-escalation flaw that Google says is being used in limited, targeted attacks on Android 14, 15, 16 and 16 QPR2.
Google also fixed CVE-2025-65018, the month's most severe bug—a critical Framework flaw that could enable remote privilege escalation without user interaction or extra execution privileges.
System updates addressed four critical local privilege-escalation bugs—CVE-2026-0043, CVE-2026-0097, CVE-2026-21352 and CVE-2026-21353—along with high-severity disclosure, denial-of-service, code-execution and escalation issues.
Patch levels 2026-06-01 and 2026-06-05 include additional kernel and chipset fixes from Qualcomm, MediaTek, Imagination Technologies and Unisoc, including three critical Qualcomm component flaws.
Pixel devices are expected to get the update first, while Samsung, Motorola, Xiaomi and other vendors will ship it on their own schedules, leaving users to wait for manufacturer rollouts.