Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

What’s new: Google has released its June 2026 Android update, addressing 124 security vulnerabilities, including one actively exploited high-severity flaw (CVE-2025-48595) with a CVSS score of 8.4. This privilege escalation vulnerability affects Android versions 14, 15, 16, and 16 QPR2, allowing code execution without user interaction.

Who’s affected

Devices running Android versions 14, 15, 16, and 16 QPR2 are impacted by the vulnerabilities, particularly those that may be targeted by commercial spyware vendors.

What to do

• Update affected Android devices to the latest security patch levels (2026-06-01 and 2026-06-05) as soon as possible to mitigate risks associated with the vulnerabilities.

Sources

• The Hacker News