Google fixes one actively exploited Android zero-day, 124 flaws

Google released the June 2026 Android security patches addressing 124 vulnerabilities, including an actively exploited Android Framework zero-day (CVE-2025-48595) that can enable code execution and privilege escalation on Android 14+. The bulletin notes limited, targeted exploitation, fixes 18 critical issues across System, Framework, and vendor components, and urges users and vendors to apply updates promptly.