Google has released its June 2026 Android security update, patching 124 vulnerabilities across Android phones and tablets — including one zero-day flaw that attackers are already using in real-world attacks. The actively exploited bug, tracked as CVE-2025-48595, is a flaw in the Android Framework that lets attackers run malicious code and gain higher privileges on devices running Android 14 or later. Google says evidence suggests this flaw has been used in “limited, targeted” attacks.
The update comes in two batches: the 2026-06-01 security patch level covers the core fixes, while the 2026-06-05 level includes additional patches for device-specific components from third-party chipmakers. Google Pixel devices are receiving updates right away; other Android phones (Samsung, OnePlus, Motorola, etc.) will follow as manufacturers roll out tailored updates over the coming weeks.
How to check if you’re affected
Affected devices include all Android phones and tablets running Android 14 or later. To check your current patch level, go to Settings → About phone → Android version (or Software information on Samsung). Look for a “Security patch level” date — if it reads anything before June 1, 2026, your device has not yet received this month’s fixes. Install any available update from Settings → System → System update.