Key Findings Google released patches for 124 Android security vulnerabilities in June 2026, including one actively exploited flaw CVE-2025-48595 (CVSS 8.4) is a privilege escalation vulnerability in the Android Framework currently under limited, targeted exploitation The flaw affects Android 14, 15, 16, and 16 QPR2, requires no user interaction, and allows code execution through integer overflow CISA added the vulnerability to its Known Exploited Vulnerabilities catalog on Ju