Critical Framework Vulnerability Under Attack
Google has released its monthly security update for Android, fixing 124 vulnerabilities across the operating system. Among the patches is one high-severity flaw in the Framework component that is already being exploited in the wild. The vulnerability allows an attacker to escalate privileges on affected devices without any user interaction, making it particularly dangerous. It impacts Android versions 14, 15, 16, and the latest quarterly platform release.
The exploit is reportedly being used in limited, targeted attacks. While Google has not disclosed specific details about the threat actors or victims, similar vulnerabilities in the past have been leveraged by commercial spyware vendors against high-profile individuals. The flaw originates from an integer overflow condition in multiple locations, which can be abused to achieve code execution on the device.
Impact and Remediation Steps
Beyond the actively exploited flaw, the June 2026 update addresses several other serious vulnerabilities in the System component that could also lead to local privilege escalation. Google has issued two security patch levels: a partial set dated June 1 and a complete set dated June 5. The full patch includes fixes for the kernel and third-party chipset components from vendors such as Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
The U.S. Cybersecurity and Infrastructure Security Agency has already added the exploited vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fix by June 5, 2026. All Android users and device manufacturers are strongly urged to install the latest security update as soon as it becomes available for their devices.
Source: The Hacker News

