Google Patches 124 Android Flaws in June Update as 1 Bug Faces Active Exploitation
Updated
Updated · MUO - MakeUseOf · Jun 9
Google Patches 124 Android Flaws in June Update as 1 Bug Faces Active Exploitation
3 articles · Updated · MUO - MakeUseOf · Jun 9
Summary
Google's June 2026 Android update fixes 124 vulnerabilities across Android 14, 15, 16 and 16 QPR2, including CVE-2025-48595, which the company said is under limited, targeted exploitation.
CVE-2025-48595 is an Android Framework integer overflow with a CVSS score of 8.4 that could let a malicious app with basic permissions gain elevated control without further user action.
18 of the 124 flaws are rated Critical, and the bulletin also patches CVE-2026-0059, a Bluetooth heap overflow that could enable nearby code execution without user interaction.
Pixel devices began receiving the update on June 1, while Samsung, OnePlus, Motorola and Xiaomi users are still waiting on vendor rollouts that vary by model, age and chipset support.
Devices showing security patch level 2026-06-01 or 2026-06-05 have the June fixes, while some protections may also arrive through Google Play System updates via Project Mainline.