Google’s newest updates for the Android working system patch greater than 30 vulnerabilities, all labeled as ‘excessive severity’.
The June 2025 Android safety bulletin reveals that probably the most severe flaw, in keeping with Google, is CVE-2025-26443, a neighborhood privilege escalation problem within the System element. Exploitation doesn’t require further privileges, however person interplay is required.
Vulnerabilities that may result in DoS assaults, privilege escalation, or data disclosure have been patched in Android’s Framework, System, and Runtime elements, in addition to in third-party elements from Arm and Creativeness Applied sciences.
The newest Android updates additionally deal with a number of high-severity vulnerabilities found in Qualcomm elements.
Nonetheless, the listing of Qualcomm element CVEs doesn’t embody CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038, which Qualcomm disclosed on Monday, warning clients about their malicious exploitation.
The three zero-day vulnerabilities have been noticed in focused assaults by Google’s personal Menace Evaluation Group, however apparently the patches have but to make it to the Android OS.
Prior to now, a few of the Qualcomm chipset vulnerabilities found by Google researchers had been leveraged in spyware and adware campaigns.
The newest Android updates shall be pushed out by smartphone makers reminiscent of LGE, Motorola and Samsung to their very own customers. Nonetheless, to this point solely Motorola has revealed an advisory for the newest vulnerabilities. Google has but to publish its month-to-month advisory for Pixel telephones. Commercial. Scroll to proceed studying.
Associated: Google Ships Android ‘Superior Safety’ Mode to Thwart Surveillance Adware
Associated: Android Replace Patches FreeType Vulnerability Exploited as Zero-Day
Associated: Android Replace Patches Two Exploited Vulnerabilities
