Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities
Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. The post Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities appeared first on SecurityWeek.
Google on Monday announced its latest Android update, which includes patches for 124 vulnerabilities, including a zero-day that has been exploited in targeted attacks.
The exploited vulnerability is CVE-2025-48595, which Google describes as a high-severity privilege escalation issue affecting Android’s Framework component.
“There are indications that CVE-2025-48595 may be under limited, targeted exploitation,” Google said in its advisory.
Source: https://www.securityweek.com/android-update-patches-exploited-zero-day-123-other-vulnerabilities/
Related breach coverage
- Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 20262026-05-15
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616. The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
- Google Patches Actively Exploited Android Flaw Affecting Millions of Devices2026-06-03
Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fixing 124 vulnerabilities across the mobile operating system. One flaw, tracked as CVE-2025-48595 (CVSS score of 8.4) stands out from the rest because it is already being exploited in […]
- Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks2026-05-28
Fortinet rolled out hotfixes for the security defect in April, warning that it had been exploited in the wild as a zero-day and urging immediate patching. The post Critical FortiClient EMS Vulnerability Exploited in Fresh Attacks appeared first on SecurityWeek.
- CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day2026-05-27
Resolved last week, the vulnerability was exploited in the wild as a zero-day to execute scripts with root privileges. The post CISA Urges Immediate Patching of Exploited LiteSpeed cPanel Plugin Zero-Day appeared first on SecurityWeek.