
June 2026 Security Patch: Critical CVE Fixed, Who Gets It First

Posted by Enitha


Google has published the June 2026 Android Security Bulletin alongside the start of the month’s system update rollout. The headline fix is CVE-2025-48595, a high-severity privilege escalation vulnerability in the Android Framework that Google has marked as under limited targeted exploitation. The designation requires urgent attention from every Android user and immediate action from enterprise device administrators.

 

Understanding the June 2026 Patch Levels

The 2026-06-01 Patch Level

The first patch level, 2026-06-01, addresses vulnerabilities in the Android Framework and System components. This is the foundational level that all Android devices receiving the June update should achieve at minimum. CVE-2025-48595, the critical privilege escalation fix, is included at this level.

The 2026-06-05 Patch Level

The second patch level, 2026-06-05, adds fixes across vendor-specific kernel and driver modules, covering MediaTek, Qualcomm, and Unisoc chipset implementations. Devices on the 2026-06-05 patch level have received the complete June security update including both the platform-level fixes and the hardware-vendor-specific component fixes.

The split-level architecture exists because vendor-specific fixes depend on silicon manufacturers providing patched firmware, which arrives on a different schedule from Google’s own platform patches. A device on 2026-06-01 is protected against the critical CVE-2025-48595 vulnerability. A device on 2026-06-05 has received the complete set of available June fixes.

To check your current patch level: Settings → About phone → Android security update.

 

CVE-2025-48595: The Critical Fix

What the Vulnerability Is

CVE-2025-48595 is a privilege escalation vulnerability in the Android Framework component, the layer of the Android platform that mediates between applications and the operating system. A privilege escalation vulnerability of this type allows a malicious app or process with limited system permissions to gain higher-level access to system resources than it is authorised to have.

In practical terms, a successful exploitation of CVE-2025-48595 on an unpatched device could allow a malicious application to access data, capabilities, or system functions that the Android permission model is specifically designed to prevent it from reaching, including data from other apps, system configuration, or hardware access.

The Active Exploitation Status

Google’s notation that CVE-2025-48595 may have been under limited targeted exploitation is the detail that elevates this patch from routine to urgent. When Google applies this designation, it means the company has received credible evidence that the vulnerability has been exploited in real-world attacks, not merely identified in theoretical security research.

Limited targeted exploitation typically means the vulnerability has been weaponised in focused attacks against specific targets (often journalists, human rights workers, corporate executives, government officials, or other high-value targets) rather than deployed in broad consumer-facing malware campaigns. This pattern is consistent with commercial spyware operators who purchase or develop zero-day exploits for targeted deployment before they are discovered and patched.

If you use your Android device for work containing sensitive business data, if you are a journalist or activist, if you handle financial or legal information on your device, or if you have any reason to believe you might be a target of sophisticated adversaries, install this patch today rather than waiting for the staged rollout to reach your device automatically. The manual OTA installation method for Pixel devices is available at the Android Beta Programme page on developer.android.com.

 

OEM Rollout: Who Gets the June Patch and When

Google Pixel

Pixel 8 series through Pixel 10 series are receiving the June 2026 security patch over the air beginning this week. Pixel 6 and Pixel 7 series devices are also eligible and will receive the update in the staged rollout.

To check immediately: Settings → System → System update. If the update is not yet showing on your Pixel, it is in the staged rollout queue and will arrive automatically within the next few days.

Samsung Galaxy

Samsung Galaxy users will see the June security fixes bundled alongside upcoming One UI updates in the coming weeks. Samsung’s June patch typically follows the Pixel rollout by approximately two to four weeks. Galaxy S26, S25, and S24 series devices are the highest priority for Samsung’s security patch deployment.

Motorola, Xiaomi, and OnePlus

Other OEMs including Motorola, Xiaomi, and OnePlus will roll out the June security update across June and July based on their specific hardware deployment cycles. These manufacturers typically bundle security patches with broader software updates, so the June security content may arrive alongside other improvements rather than as a standalone security-only update.

 

Developer Impact: What the June Patch Changes

Framework API Behaviour

Privilege escalation patches in the Android Framework occasionally affect API behaviour in ways that can create subtle changes in how certain permission checks are evaluated. The June patch is primarily a security hardening measure rather than an API surface change, but any application that relies on inter-process communication, cross-app data sharing, or system permission queries should be tested against the June patch level to confirm expected behaviour.

Security Level Targeting

For enterprise applications and apps handling sensitive data, updating your targetSdkVersion and compileSdkVersion to reflect the June 2026 security patch level as part of your next release is best practice. Enterprise MDM solutions that include Android security patch level as a compliance requirement should update their minimum patch level policies to include the 2026-06-01 baseline following the June update’s broad deployment.
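
As an added example (not from the bulletin or the original article), the sketch below shows one way an MDM-style compliance check could map a reported patch level string onto the two June levels described above, with 2026-06-01 as the minimum baseline. The inventory, device names and function names are constructed for illustration; on a device the string is the value of the `ro.build.version.security_patch` system property.

```python
import re
from datetime import date

# Patch levels named in the June 2026 bulletin as described in this article.
PLATFORM_BASELINE = date(2026, 6, 1)   # Framework/System fixes, incl. CVE-2025-48595
COMPLETE_LEVEL = date(2026, 6, 5)      # adds vendor kernel/driver fixes

_PATCH_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")

def parse_patch_level(raw):
    """Return a date for a YYYY-MM-DD patch level string, or None if unusable."""
    if not isinstance(raw, str) or not _PATCH_RE.match(raw.strip()):
        return None
    try:
        return date.fromisoformat(raw.strip())
    except ValueError:          # well-formed but impossible, e.g. "2026-13-01"
        return None

def classify(raw):
    """Map a reported patch level onto the bulletin's two-level scheme."""
    level = parse_patch_level(raw)
    if level is None:
        return "unknown"        # fail closed: treated as non-compliant
    if level < PLATFORM_BASELINE:
        return "non-compliant"  # CVE-2025-48595 fix not present
    if level < COMPLETE_LEVEL:
        return "platform-only"  # baseline met, vendor fixes missing
    return "complete"

def evaluate(inventory, require_complete=False):
    """Return {device_id: (status, compliant)} for an MDM-style inventory."""
    ok = {"complete"} if require_complete else {"complete", "platform-only"}
    return {dev: (classify(raw), classify(raw) in ok) for dev, raw in inventory.items()}

# Constructed sample inventory (hypothetical device ids and values).
SAMPLE = {
    "pixel-10-a": "2026-06-05",
    "pixel-8-b": "2026-06-01",
    "galaxy-s25-c": "2026-05-01",
    "moto-d": "",               # device never reported a level
    "oneplus-e": "2026-13-01",  # malformed report
}

if __name__ == "__main__":
    for dev, (status, compliant) in evaluate(SAMPLE).items():
        print(f"{dev:14} {status:14} {'OK' if compliant else 'BLOCK'}")
```

Missing or malformed reports are classified as unknown and fail the policy, so a device cannot pass simply by not reporting a level.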

Android 17 Stable and the Security Patch

Android 17 stable, expected within the next one to two weeks, will ship with the June 2026 security patch integrated at the platform level. Developers preparing for the Android 17 stable launch should ensure their test devices are on the June patch level for the most accurate representation of what users will receive on day one.

 

The Broader Security Context

The June security patch arrives in the same month as Google’s expanded security feature rollout: fake call detection, the verified financial calls expansion, and the Live Threat Detection additions for SMS forwarding and accessibility overlay abuse, all covered in our June Feature Drop article.

Together, the June patch and the Feature Drop security additions represent Google’s most comprehensive single-month security investment in recent memory. The active exploitation designation on CVE-2025-48595 gives the entire package additional urgency. Apply the update, enable fake call detection on your Pixel or eligible Samsung device, and review the Personal Safety settings while you are in the system update flow.

 
