Google has released its June 2026 Android security update, patching 124 vulnerabilities. One of them is a high-severity flaw that is already under active exploitation.
The exploited bug, tracked as CVE-2025-48595, has a CVSS score of 8.4, sits in Android's Framework component and enables privilege escalation without any user interaction. This is a crucial point: most traditional Android exploits rely on social engineering, essentially tricking users into installing a harmful app, clicking on a dubious link, or granting permissions.
A vulnerability that needs no action from the user is more problematic because an attacker can elevate local privileges more directly, for example from a malicious or already-compromised app running inside the app sandbox.
The vulnerability stems from an integer overflow in multiple locations. According to CVE.org, this could allow code execution and lead to local privilege escalation, with no additional execution privileges and no user interaction needed. That combination is what makes the bug dangerous: code that has already gained a foothold on the device, even inside an unprivileged app, does not need the victim to click or open anything to escalate.
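To show the bug class the bulletin describes, the following is an added C example; it is not code from Android or Google and is not the actual CVE-2025-48595 code, whose affected locations are not public in this article. It models a parser that reads an attacker-controlled element count and computes `count * elem_size` in 32 bits to decide whether the payload fits a fixed buffer, then shows two hardened forms of the same check. The buffer limit, element size and the counts used are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: a payload of `count` elements of `elem_size` bytes
 * must fit into a fixed buffer of BUF_LIMIT bytes. */
#define BUF_LIMIT 16u

/* Vulnerable check: the multiplication wraps modulo 2^32, so a huge count
 * can yield a small `bytes` value that passes the limit check. A later copy
 * that trusts `count` would then run past the buffer. */
bool vuln_check(uint32_t count, uint32_t elem_size, uint32_t limit)
{
    uint32_t bytes = count * elem_size;   /* may wrap silently */
    return bytes <= limit;
}

/* Hardened check 1: detect the overflow explicitly with the compiler
 * builtin available in GCC and Clang. */
bool safe_check(uint32_t count, uint32_t elem_size, uint32_t limit)
{
    uint32_t bytes;
    if (__builtin_mul_overflow(count, elem_size, &bytes))
        return false;                     /* product does not fit in 32 bits */
    return bytes <= limit;
}

/* Hardened check 2: portable form that bounds `count` before multiplying,
 * so no overflow can occur at all. A zero element size is rejected because
 * it would make any count look like zero bytes. */
bool safe_check_portable(uint32_t count, uint32_t elem_size, uint32_t limit)
{
    if (elem_size == 0)
        return false;
    if (count > limit / elem_size)        /* count * elem_size would exceed limit */
        return false;
    return true;
}

int main(void)
{
    /* Attacker-chosen count: 0x40000001 * 4 = 0x100000004, which wraps to 4
     * in 32 bits and so looks like a 4-byte payload to the vulnerable check. */
    uint32_t evil_count = 0x40000001u;

    printf("vulnerable check accepts evil count: %d\n",
           vuln_check(evil_count, 4u, BUF_LIMIT));
    printf("hardened check accepts evil count:   %d\n",
           safe_check(evil_count, 4u, BUF_LIMIT));
    printf("portable check accepts evil count:   %d\n",
           safe_check_portable(evil_count, 4u, BUF_LIMIT));
    return 0;
}
```

The vulnerable check accepts the wrapped count while both hardened checks reject it; a legitimate count of 3 elements still passes all three. Compile with `-fsanitize=unsigned-integer-overflow` (Clang) to have the wrap in `vuln_check` reported at runtime as well.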
Google acknowledged indications that CVE-2025-48595 may be under limited, targeted exploitation. As usual, the company did not say who is behind the attacks, who the targets are, or how widespread the activity is. Similar flaws have previously been weaponized by commercial spyware vendors against high-profile individuals in narrowly targeted operations.
Google also patched several flaws in the System component; the most severe of these could likewise lead to local privilege escalation with no additional execution privileges required. The company issued two patch levels, 2026-06-01 and 2026-06-05. The later level includes all fixes from the first and adds patches for the kernel and for third-party chipset components from Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
Android dominates Pakistan's smartphone market, so an actively exploited flaw that needs no user interaction is a serious risk for ordinary users, journalists, and officials alike. Pakistani users should install the update as soon as their device offers it. To check, open Settings, then System, then Software Update (the exact path varies by manufacturer); once the full update is installed, the security patch level shown under About phone should read 2026-06-05. Many older or budget phones in Pakistan may never receive these fixes and will remain exposed.
