Hkcert
Critical Android Zero-Day Exploited: 124 Vulnerabilities Patched
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Google has released security updates addressing 124 vulnerabilities in Android, including a critical zero-day flaw (CVE-2025-48595) that is actively exploited in targeted attacks. This vulnerability allows local attackers to escalate privileges without user interaction on devices running Android 14 or later. The updates also include fixes for other critical vulnerabilities in the Framework, System, and Qualcomm components. Users are urged to update their devices to the latest security patch levels (2026-06-01 or 2026-06-05) to mitigate risks. The vulnerabilities affect a wide range of Android devices, with Google Pixel devices receiving updates immediately. Third-party manufacturers may take longer to release patches. The ongoing exploitation of CVE-2025-48595 raises concerns about potential widespread impacts, especially given its critical nature.
Key Points: • Google patched 124 vulnerabilities in June 2026, including a critical zero-day (CVE-2025-48595). • CVE-2025-48595 allows local attackers to escalate privileges without user interaction. • Users are advised to update to the latest security patch levels to mitigate risks.