Google Update: Android Flaw Could Put Billions of Devices at Risk

A security advisory describes CVE-2026-0073, a zero-click remote code execution vulnerability in the Android Debug Bridge daemon (adbd) affecting Android 14, 15, 16 and 16‑QPR2; an attacker on the same network or in physical proximity can execute code as the shell user without any user interaction. Google has released a patch and the advisory recommends immediate patching, disabling USB debugging, enforcing MDM/device compliance, network segmentation, monitoring for suspicious activity, and applying zero-trust/conditional access controls to reduce risk.