The June Android security update is one of the biggest this year and most users haven’t installed it yet
Publish Date: 2026-06-09 15:30:00
Source Domain: www.makeuseof.com
Google’s June 2026 Android security update landed on June 1st with a lot to do. It patches 124 vulnerabilities across Android 14, 15, 16, and 16 QPR2, including one already being actively exploited in the wild. Most non-Pixel users haven’t even received it yet. Here’s what’s in it, why it matters, and how to tell if your phone is protected.
What’s Actually Being Patched
124 vulnerabilities, one already under attack
Pankil Shah / MakeUseOfCredit: Pankil Shah / MakeUseOf
That’s a lot of vulnerabilities, of course, across Framework, System, Kernel, and third-party chipset components from Qualcomm and Broadcom. 18 of them are rated Critical, according to Google’s June 2026 Android Security Bulletin.
The biggest one to concern yourself with is CVE-2025-48595, a high-severity integer overflow in the Android Framework with a CVSS score of 8.4 (a 0–10 severity scale, where 9.0+ is Critical). Google confirmed in the bulletin that there are “indications that CVE-2025-48595 may be under limited, targeted exploitation,” which is the standard phrasing used when someone is actively weaponizing a vulnerability against real devices.
The bug itself has to do with how the Android Framework performs arithmetic operations without proper bounds checking. A local attacker can craft an input that overflows an integer value, which wraps around to an unexpectedly small number. That incorrect value then…
