Android 0-Day Vulnerability Exploited for Full Device Control - cyberpress.org
cyberpress.orgArchived Jun 24, 2026✓ Full text saved
Android 0-Day Vulnerability Exploited for Full Device Control cyberpress.org
Full text archived locally
✦ AI Summary· Claude Sonnet
Android 0-Day Vulnerability Exploited for Full Device Control
By Lucas Martin
June 2, 2026
Categories:
Cyber Security News
Google has confirmed active exploitation of a high-severity Android zero-day vulnerability, CVE-2025-48595, in its June 2026 Android Security Bulletin published on June 1, 2026.
The flaw resides in the Android Framework component. It enables local escalation of privilege through an integer overflow, requiring no user interaction or additional execution privileges, placing hundreds of millions of devices at immediate risk.
CVE-2025-48595 is rooted in an integer overflow present in multiple locations within the Android Framework component, Android said.
Android 0-Day Vulnerability Exploited
When exploited, the overflow creates a pathway for local code execution at elevated privilege levels, effectively granting an attacker system-level control over the targeted device without requiring any elevated permissions at the point of entry.
Critically, the attack requires zero user interaction, no phishing lure, no malicious link, and no app installation, making it exceptionally dangerous for both consumer and enterprise Android endpoints.
Google’s June 2026 bulletin is notably large, addressing vulnerabilities across the Framework, System, Kernel, and third-party chipset components.
Within the Framework section alone, the bulletin patches over 20 high-severity EoP flaws, but CVE-2025-48595 stands apart due to confirmed in-the-wild exploitation.
Google has explicitly stated in the bulletin: “There are indications that CVE-2025-48595 may be under limited, targeted exploitation.”
This language mirrors the disclosure pattern seen in previous Android zero-day bulletins, including the December 2025 bulletin, in which CVE-2025-48633 and CVE-2025-48572 were confirmed to have been exploited and subsequently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog within 24 hours.
Security researchers tracking the June 2026 bulletin have flagged this as one of the most urgent Android patches of the year, with evidence of active exploitation suggesting that targeted threat actors may be operating toolchains against high-value Android device users.
The June 2026 Android Security Bulletin addresses vulnerabilities across Framework (30+ CVEs), System (35+ CVEs), Kernel, and vendor-specific components.
The bulletin also patches multiple Critical-rated DoS vulnerabilities in the System component, including CVE-2026-0039, CVE-2026-0040, CVE-2026-0041, and CVE-2026-0042, all affecting Android 14 through 16-QPR2.
Affected Devices and Patch
The vulnerability affects Android versions 14, 15, 16, and 16-QPR2, which represent the vast majority of currently active Android devices globally. Devices running the 2026-06-05 security patch level or later are fully protected.
Source code patches will be released to the Android Open Source Project (AOSP) repository within 48 hours of the bulletin’s June 1 publication.
To verify your patch status: Settings → About Phone → Android Version → Security Patch Level.
Mitigations
Apply the June 2026 security patch immediately, prioritizing Android 14–16 devices.
Enable Google Play Protect on all managed devices to detect Potentially Harmful Applications.
Restrict sideloading of applications from outside the Google Play Store in enterprise MDM policies.
Monitor endpoints for unusual privilege escalation activity or anomalous process behavior.
Update Android versions to the latest available release where feasible
Google Play Protect, enabled by default on all Google Mobile Services devices, continues to monitor for abuse related to this vulnerability, providing an additional detection layer while patches are deployed across device fleets.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
Share
Facebook
Twitter
Pinterest
WhatsApp
Lucas Martinhttps://cyberpress.org/
Lucas Martin is an Investigative cybersecurity journalist dedicated to breaking stories on ransomware cartels, data breaches, and state-sponsored espionage.
Recent Articles
Critical Laravel Livewire RCE Flaw Exploited to Steal Credentials From 6,000+ Apps
Cyber Security News June 24, 2026
Microsoft Teams Phishing Lures Push Victims Toward Remote Access Tool Installation
Cyber Security News June 24, 2026
Grafana Confirms TanStack npm Supply Chain Ransom Incident Hit GitHub Environment
Cyber Security News June 24, 2026
Woodgnat Uses ClickFix, FileFix, and CrashFix Lures to Deliver Remote Access Malware
Cyber Security News June 24, 2026
Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play
Android June 24, 2026
Related Stories
Cyber Security News
Critical Laravel Livewire RCE Flaw Exploited to Steal Credentials From 6,000+ Apps
Lucas Martin - June 24, 2026
Cyber Security News
Microsoft Teams Phishing Lures Push Victims Toward Remote Access Tool Installation
Varshini - June 24, 2026
Cyber Security News
Grafana Confirms TanStack npm Supply Chain Ransom Incident Hit GitHub Environment
Lucas Martin - June 24, 2026
Cyber Security News
Woodgnat Uses ClickFix, FileFix, and CrashFix Lures to Deliver Remote Access Malware
Varshini - June 24, 2026
Android
Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play
Varshini - June 24, 2026
Cyber Security News
Hackers Use Fake Outlook Update Portal to Deploy Edgecution Browser-Based Backdoor
Varshini - June 24, 2026
LEAVE A REPLY
Comment:
Name:*
Email:*
Website: