Google patches 124 Android vulnerabilities at once

One of which was widely exploited by hackers

Technology giant Google has taken radical measures to protect its mobile ecosystem, releasing a massive package of updates aimed at fixing serious security flaws. The June patch for the Android operating system fixes 124 vulnerabilities at once, the most worrying of which is a critical “zero-day” vulnerability that has already been actively exploited by cybercriminals in precisely targeted attacks. The flaw in question, tracked as CVE-2025-48595, allowed hackers to bypass protections, gain administrator rights, and execute malicious code remotely on devices running Android 14 or later.

To address the threats, the company divided the software fixes into two separate phases, dated June 1 and June 5. While the first wave covers the core of the platform, the second includes specific patches for closed-source external hardware components that are not present in every smartphone. Owners of Google Pixel devices traditionally receive the digital shield immediately, while users of other brands will have to wait while the respective manufacturers adapt and test the code for their specific interfaces and architectures.

Traces of the dangerous vulnerability CVE-2025-48595 were actually caught on Google's radar back in the spring of last year, when the first isolated attempts to break through were detected. Although the problem has now been completely resolved, the developers are deliberately keeping the technical details and the profile of the attacks carried out so far secret to prevent further abuse. Secret weapons of this kind in the digital world are usually associated with expensive spyware or large-scale government operations targeting high-ranking individuals and civil servants.

In addition to the main threat, this update eliminates 18 more critical holes in the Framework system libraries, as well as in Qualcomm chips, which could lead to a total software crash (denial-of-service attacks). Experts note that the most worrying was the weakness in the Framework, which allowed remote elevation of user rights on unpatched devices without requiring any action or confirmation from the unsuspecting victim. The move follows a series of emergency software patches that the company had to release at the end of last year and the beginning of this year due to other vulnerabilities in graphics components.

To encourage the discovery of such threats before they fall into the hands of digital criminals, Google recently modified the financial incentives for independent researchers. The reward for discovering a fundamental flaw in Android has jumped to a mind-boggling $1.5 million, while bonuses for vulnerabilities caught with the help of artificial intelligence have been reduced. The Mountain View headquarters once again reminds us that the safest way to protect ourselves remains to switch to the latest software versions, where the very architecture of the platform makes hacking attacks extremely difficult and economically unprofitable.