Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control
Cybersecurity NewsArchived Jun 02, 2026✓ Full text saved
A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction. The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin, where Google confirmed limited real-world exploitation. The vulnerability resides in the Android Framework component and […] The post Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeAndroid
Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device Control
By Abinaya
June 2, 2026
A critical Android zero-day vulnerability is being actively exploited in targeted attacks, allowing threat actors to gain near-complete control over affected devices without any user interaction.
The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin, where Google confirmed limited real-world exploitation.
The vulnerability resides in the Android Framework component and is a high-severity elevation-of-privilege (EoP) issue.
Under certain conditions, attackers can exploit the flaw remotely to escalate privileges without requiring additional execution permissions.
This significantly increases the risk profile, as successful exploitation could enable attackers to bypass core security boundaries and access sensitive system resources.
Security researchers note that the vulnerability impacts devices running Android versions 14, 15, 16, and 16 QPR2. While categorized as high severity, its exploitation characteristics, particularly the lack of user interaction, make it especially dangerous in targeted campaigns.
Android 0-Day Vulnerability Exploited
In real-world scenarios, such vulnerabilities are often chained with other exploits to achieve full device compromise, including data exfiltration, surveillance, and persistent access.
Google stated that the most severe issues in this bulletin could lead to remote escalation of privilege with no user involvement, emphasizing the potential impact if platform-level mitigations are bypassed.
Although Android incorporates multiple layers of defense, including sandboxing, permission controls, and runtime protections, sophisticated attackers may still exploit such flaws under specific conditions, especially on unpatched or outdated devices.
The company also confirmed that Android partners were notified of the vulnerability at least a month before public disclosure, allowing OEMs time to prepare and distribute patches.
The security updates included in patch level 2026-06-05 fully address CVE-2025-48595 and related vulnerabilities. Source code patches are expected to be released to the Android Open Source Project (AOSP) repository shortly after the bulletin is published.
Google Play Protect continues to play a critical role in mitigating exploitation attempts. Enabled by default on devices with Google Mobile Services, it actively scans apps and warns users about potentially harmful applications.
However, users who sideload apps from third-party sources remain at higher risk, as these channels are often abused to deliver exploit payloads.
The Android Security Team has urged users and organizations to update devices immediately to the latest available security patch level.
Delayed patch adoption remains one of the primary factors enabling threat actors to weaponize known vulnerabilities. This zero-day case underscores a broader trend in mobile threat landscapes, where attackers increasingly target core operating system components to maximize impact.
As exploitation techniques evolve, timely patching and layered security defenses remain essential to reducing exposure and preventing device compromise.
Free Webinar on OWASP API Top 10 and Guide to Close Visibility Gaps With WAAP
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Abinayahttps://cybersecuritynews.com/
Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space.
Trending News
Attackers Can Exploit BadHost to Access Sensitive AI Agent Server Endpoints
GitHub Down – Authentication Issues Denying Access to Actions
New ChatGPT Vulnerability Lets Attackers Turn Web Pages Into Phishing Payloads
Microsoft Warns Public Release of Zero-Day Details Before Vendor Coordination
Android Banking Trojan OverlayPhantom Abuses Accessibility Service to Control Devices
Latest News
Cyber Security News
Dashlane Password Manager User Accounts Locked Following Brute-Force Attacks
Cyber Security News
Gamaredon APT Hides Malware in Windows Features and Abuses Cloud Platforms for C2
Cyber Security News
Critical WP Maps Pro Vulnerability Allow Attackers to Create Administrator Account
Cyber Security
Hackers Use Meta’s AI Bot to Reset Passwords and Hijack Instagram Accounts
Cyber Security News
IBM WebSphere Server Vulnerable to Remote Code Execution Attack Via Crafted Request