
Android Security Bulletin June 2026: one exploited flaw among 124 fixes


What the bulletin fixes

Google published its monthly Android security bulletin on June 1, 2026, with an update on June 3. It bundles around 124 fixes split across two patch levels: 2026-06-01 and 2026-06-05. The first level holds the Framework and System fixes that belong to Android itself; the second adds kernel and chipset-specific patches.

The standout is CVE-2025-48595, an elevation of privilege flaw in the Framework component. Google rates it High severity and, per the advisory, there are indications it may be under limited, targeted exploitation. It needs no user interaction: a local process with reduced permissions could climb to privileges it shouldn’t have without the victim doing anything.

Who it affects

The flaw reaches Android 14, 15, 16, and 16-QPR2, which covers most phones still under active support. Because this is a privilege escalation and not remote code execution, the attacker already needs a foothold on the device, usually a malicious app or an earlier exploit step. From there, CVE-2025-48595 helps them push further into the system.

The rest of the batch matters too. The 2026-06-01 level carries several critical issues in Framework and System, with the DNG SDK (image processing) and Bluetooth among the sensitive modules. The 2026-06-05 level adds a kernel fix and a long list of chipset problems: Qualcomm (including its closed-source code, with three critical entries), MediaTek across Modem, geniezone and preloader, Unisoc with fifteen modem flaws, and Imagination Technologies in the PowerVR GPU.

Severity

The zero-day under exploitation is CVE-2025-48595, rated High. The worry isn’t so much the score as the fact that it’s already being used against specific targets with no interaction required. Higher on the scale, the critical Framework issues and Qualcomm closed-source flaws have more theoretical damage potential, but none are listed as exploited. The concern is the usual pattern: an attacker chains an entry-point bug with CVE-2025-48595 to end up with elevated privileges.

Mitigation

There’s no alternative setting that replaces the patch. The only fix is to update to a security patch level of 2026-06-05 or later, which covers every issue at that level and all previous ones. To check where you stand, look at Settings > Security for the patch level value; the system property ro.build.version.security_patch should read 2026-06-01 or 2026-06-05. Many Framework and System fixes also arrive through Google Play system updates on Android 10 and above, without waiting for the full vendor image.
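To run that check across more than one device, the following added example (not from the bulletin or the original article) classifies a ro.build.version.security_patch value against the two patch levels above. The function names and the device inventory are constructed for illustration, and the commented adb invocation assumes a device reachable over adb.

```shell
#!/bin/sh
# Patch levels named in the June 2026 bulletin.
LEVEL_FRAMEWORK=2026-06-01   # Framework and System fixes
LEVEL_FULL=2026-06-05        # adds kernel and chipset fixes

# Convert YYYY-MM-DD to YYYYMMDD so levels compare as integers; fail on anything else.
to_num() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | tr -d '-' ;;
        *) return 1 ;;
    esac
}

# classify LEVEL -> full | framework-only | missing | unknown
classify() {
    # Strip whitespace and any carriage return left by the transport.
    level=$(printf '%s' "$1" | tr -d '\r\n ')
    n=$(to_num "$level") || { echo unknown; return 0; }
    if [ "$n" -ge "$(to_num "$LEVEL_FULL")" ]; then
        echo full
    elif [ "$n" -ge "$(to_num "$LEVEL_FRAMEWORK")" ]; then
        echo framework-only      # kernel and chipset fixes still missing
    else
        echo missing             # predates this bulletin entirely
    fi
}

# report: read "serial patch-level" lines on stdin, print one verdict per device.
report() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        printf '%s\t%s\n' "$serial" "$(classify "$level")"
    done
}

# Constructed inventory (not real devices). On a live device the value comes from:
#   adb -s "$serial" shell getprop ro.build.version.security_patch
printf 'dev-A 2026-06-05\ndev-B 2026-06-01\r\ndev-C 2026-05-05\ndev-D\n' | report
```

A device reported as unknown returned an empty or malformed value and should be inspected by hand, not assumed patched.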

If your phone no longer gets updates, this bulletin is a reminder of why support matters: an unpatched device stays open to a flaw that is being exploited right now. To understand how Android relates to the kernel it runs on, read Android: the most-used Linux in the world.
