Feed›Vulnerability›Android June 2026 update patches actively exploited zero-day...

VulnerabilityCyber Insider

8.4 — CRITICAL

Android June 2026 update patches actively exploited zero-day

📅 2 June 2026 at 10:21 UTC📰 Cyber InsiderView original source ↗

Google has released the June 2026 Android security updates, addressing dozens of vulnerabilities across the mobile operating system, including a high-severity zero-day flaw that is under active, targeted exploitation. The update also fixes multiple critical privilege-escalation and denial-of-service vulnerabilities affecting core Android components. The actively exploited vulnerability is tracked as CVE-2025-48595, an elevation-of-privilege (EoP) flaw … The post Android June 2026 update patches actively exploited zero-day appeared first on CyberInsider.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A zero-day vulnerability in the Android Framework component (CVE-2025-48595) is being actively exploited in targeted attacks, while multiple critical vulnerabilities have been patched across various Android components.

⚙️Technical Details

CVEs

CVE-2025-48595CVE-2025-65018CVE-2026-0043CVE-2026-0097CVE-2026-21352

Affected Systems

Android 14Android 15Android 16Android 16 QPR2

Attack Vectors

LOCALADJACENT_NETWORK

💥Impact Assessment

Severity: CRITICAL

Who Is at Risk

Users of affected Android devices, particularly those running Android 14, 15, 16, and 16 QPR2

🛡️Recommended Actions

1Install the latest security updates as soon as they become available

2Avoid sideloading applications from untrusted sources

3Keep Google Play Protect enabled

📦Affected Products

Libpng LibpngAdobe Dng Software Development KitAndroid

🔐NVD Verified DataVERIFIED

CVE-2025-48595 ↗CVSS 8.4 — HIGH

Attack Vector

LOCAL

Complexity

LOW

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-190

CVE-2025-65018 ↗CVSS 7.1 — HIGH

Attack Vector

LOCAL

Complexity

LOW

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Weaknesses

CWE-122CWE-787

Affected Products (CPE)

Libpng Libpng

Patches & References

🔧 https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57…🔧 https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8…📋 https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-…📋 https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-…

CVE-2026-0043 ↗CVSS 5.5 — MEDIUM

Attack Vector

LOCAL

Complexity

LOW

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CWE-190

CVE-2026-0097 ↗CVSS 8 — HIGH

Attack Vector

ADJACENT_NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-693

CVE-2026-21352 ↗CVSS 7.8 — HIGH

Attack Vector

LOCAL

Complexity

LOW

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses

CWE-787

Affected Products (CPE)

Adobe Dng Software Development Kit

Advisories

📋 https://helpx.adobe.com/security/products/dng-sdk/apsb26-23.html

Read the full article

This is a curated summary. The complete article is available at Cyber Insider.

Read on Cyber Insider ↗

← Back to feed