Back

Critical Android Zero-Day Exploited: 124 Vulnerabilities Patched

Severity: High (Score: 72.9)

Sources: blog.pradeo.com, source.android.com, Gbhackers, Hkcert, Sea.Mashable

Published: 2026-06-02 · Updated: 2026-06-02

Keywords: android, vulnerabilities, multiple, remote, critical, zero-day, vulnerability

Severity indicators: zero-day, critical, vulnerability, vulnerabilities, ot

Summary

Google has released security updates addressing 124 vulnerabilities in Android, including a critical zero-day flaw (CVE-2025-48595) that is actively exploited in targeted attacks. This vulnerability allows local attackers to escalate privileges without user interaction on devices running Android 14 or later. The updates also include fixes for other critical vulnerabilities in the Framework, System, and Qualcomm components. Users are urged to update their devices to the latest security patch levels (2026-06-01 or 2026-06-05) to mitigate risks. The vulnerabilities affect a wide range of Android devices, with Google Pixel devices receiving updates immediately. Third-party manufacturers may take longer to release patches. The ongoing exploitation of CVE-2025-48595 raises concerns about potential widespread impacts, especially given its critical nature. Key Points: • Google patched 124 vulnerabilities in June 2026, including a critical zero-day (CVE-2025-48595). • CVE-2025-48595 allows local attackers to escalate privileges without user interaction. • Users are advised to update to the latest security patch levels to mitigate risks.

Detailed Analysis

**Impact** Android devices running versions 14 and later are affected by 124 vulnerabilities, including a critical zero-day (CVE-2025-48595) actively exploited in targeted attacks. The flaw enables remote escalation of privileges without user interaction, potentially allowing attackers near-complete control over devices. The vulnerabilities impact a broad range of devices globally, including Google Pixel and third-party smartphones from manufacturers like Samsung, Honor, and Nokia. Sensitive user data and device integrity are at risk, with potential operational disruptions due to denial-of-service conditions and privilege escalations. **Technical Details** The primary exploited vulnerability, CVE-2025-48595, is an integer overflow in the Android Framework that permits remote code execution and privilege escalation without requiring additional execution privileges or user interaction. Other critical flaws include CVE-2026-21385, a zero-day in Qualcomm graphics drivers causing memory corruption via integer overflow. Exploitation is reportedly limited and targeted, with no detailed public indicators of compromise or specific malware disclosed. Attackers likely leverage these vulnerabilities in early kill chain stages to gain initial access and escalate privileges. **Recommended Response** Apply the June 2026 Android security patches immediately, specifically the 2026-06-01 and 2026-06-05 patch levels, which address all known vulnerabilities including CVE-2025-48595 and CVE-2026-21385. Prioritize updates on Android 14+ devices, especially Google Pixel models receiving immediate patches. Monitor for unusual privilege escalations and denial-of-service symptoms. Vendors and users should verify patch deployment status and maintain updated security configurations; no additional specific detection signatures or IOCs have been publicly released.

Source articles (16)

  • Android Multiple Vulnerabilities — Hkcert · 2026-06-02
    Multiple vulnerabilities were identified in Android. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution…
  • 2026 06 01 — source.android.com · 2026-06-02
    Effective in 2026, to align with our trunk stable development model and ensure platform stability for the ecosystem, we will publish source code to AOSP in Q2 and Q4. For building and contributing to…
  • Android 0 — Cybersecuritynews · 2026-06-02
    A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction. The…
  • Android Zero — Gbhackers · 2026-06-02
    Google has disclosed a critical Android zero-day vulnerability that is reportedly being actively exploited in targeted attacks, raising serious concerns the risk of large-scale device compromise. The…
  • Patchday: 18 critical security vulnerabilities threaten Android 14, 15, 16 — Heise.De · 2026-06-02
    Security vulnerabilities in the framework, kernel, and system endanger smartphones and tablets with Android 14, 15, 16, and 16-qpr2. Anyone who owns a device still under support should ensure that the…
  • Google fixes one actively exploited Android zero-day, 124 flaws — Bleepingcomputer · 2026-06-02
    Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. Local attackers can exploit the actively abused hi…
  • Google fixes one actively exploited Android zero-day, 124 flaws — Bleepingcomputer · 2026-06-02
    Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. Local attackers can exploit the actively abused hi…
  • Google fixes actively exploited Android vulnerability (CVE-2025-48595) — Feeds2.Feedburner · 2026-06-02
    Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be u…
  • Security Updates — www.hmd.com · 2026-06-02
    HMD is delivering the latest Security Patches to your Android™ smartphone and tablet as quickly as possible. However, there are several factors which may affect the date you actually receive an update…
  • Google patches more than 100 Android security vulnerabilities — Mashable · 2026-06-02
    Android users, update your devices. Google has just released new security updates for Android that fix a slew of vulnerabilities. Just how many things did Google fix? A whopping 124 vulnerabilities, a…
  • Google patches more than 100 Android security vulnerabilities - Tech — Sea.Mashable · 2026-06-02
    Android users, update your devices. Google has just released new security updates for Android that fix a slew of vulnerabilities. Just how many things did Google fix? A whopping 124 vulnerabilities, a…
  • CVE-2025-22424 — cve.mitre.org · 2026-06-02
  • CVE-2025-22426 — cve.mitre.org · 2026-06-02
  • CVE-2025-26418 — cve.mitre.org · 2026-06-02
  • CVE-2025-32348 — cve.mitre.org · 2026-06-02
  • Android 129 Vulnerabilities In March Including An Already Exploited 0 Day — blog.pradeo.com · 2026-06-02

Timeline

  • 2025-11-24 — CVE-2025-65018 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2025-11-24 — CVE-2025-64720 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2025-12-02 — CVE-2025-48572 added to CISA KEV: CISA flagged the vulnerability as actively exploited in the wild and added it to the Known Exploited Vulnerabilities catalog.
  • 2025-12-02 — CVE-2025-48633 added to CISA KEV: CISA flagged the vulnerability as actively exploited in the wild and added it to the Known Exploited Vulnerabilities catalog.
  • 2025-12-04 — CVE-2025-40214 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-03-02 — CVE-2026-21385 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-06-01 — June 2026 Android Security Bulletin released: Google published the June security bulletin detailing 124 vulnerabilities, including CVE-2025-48595.
  • 2026-06-01 — CVE-2026-0043 published: Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
  • 2026-06-02 — CVE-2025-48595 added to CISA KEV: CVE-2025-48595, a critical vulnerability, was added to the CISA Known Exploited Vulnerabilities list due to active exploitation.
  • 2026-06-02 — Multiple vulnerabilities reported: Reports indicate multiple vulnerabilities, including CVE-2025-48595, could lead to denial of service and privilege escalation.

CVEs

  • CVE-2025-40214
  • CVE-2025-48572
  • CVE-2025-48595
  • CVE-2025-48633
  • CVE-2025-64720
  • CVE-2025-65018
  • CVE-2026-0043
  • CVE-2026-21385
  • CVE-2026-64505

Related entities

  • Data Breach (Attack Type)
  • DDoS (Attack Type)
  • Zero-day Exploit (Attack Type)
  • Google (Company)
  • Huawei (Company)
  • Imagination Technologies (Company)
  • MediaTek (Company)
  • Motorola (Company)
  • Nokia (Company)
  • Qualcomm (Company)
  • Samsung (Company)
  • Unisoc (Company)
  • Cwe-190 - Integer Overflow Or Wraparound (Cwe)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-269 - Improper Privilege Management (Cwe)
  • german.it (Domain)
  • T1068 - Exploitation for Privilege Escalation (Mitre Attack)
  • T1203 - Exploitation for Client Execution (Mitre Attack)
  • Android (Platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed