Google addresses 34 high-severity vulnerabilities in June\u2019s Android security update | CyberScoop<\/title> <meta name=\"description\" content=\"The most serious flaw in the monthly security update affects the Android system and could be exploited to achieve local escalation of privilege, the company said.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/android-security-update-june-2025\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Google addresses 34 high-severity vulnerabilities in June\u2019s Android security update\"> <meta property=\"og:description\" content=\"The most serious flaw in the monthly security update affects the Android system and could be exploited to achieve local escalation of privilege, the company said.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/android-security-update-june-2025\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-06-03T19:35:17+00:00\"> <meta property=\"article:modified_time\" content=\"2025-06-03T19:35:20+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg\"> <meta property=\"og:image:width\" content=\"4900\"> <meta property=\"og:image:height\" content=\"3267\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1746040294g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1748637685g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1748220166g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/84754\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=84754\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fandroid-security-update-june-2025%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fandroid-security-update-june-2025%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-84754 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/android-security-update-june-2025\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.9180327868852\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.867924528302\">\n<div class=\"single-article__header-content\" readability=\"35.318181818182\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/android-security-update-june-2025\/\"> <span>Technology<\/span> <\/a> <\/li>\n<\/ul>\n<p> The most serious flaw in the monthly security update affects the Android system and could be exploited to achieve local escalation of privilege, the company said. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/84754\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg 4900w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> (GABRIEL BOUYS\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"19.708333333333\"><body readability=\"41.373084291188\"><\/p>\n<p>Google\u2019s <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2025-06-01\">June security update<\/a> for Android devices contains 34 vulnerabilities, all of which the company designates as high-severity defects. The company didn\u2019t disclose any actively exploited vulnerabilities.<\/p>\n<p>Attackers could exploit the most serious flaw \u2014 CVE-2025-26443 affecting the Android system \u2014 to achieve local escalation of privilege with no additional privileges required. Google said exploitation of the vulnerability requires user interaction. <\/p>\n<p>Google\u2019s security update includes one high-severity vulnerability in Android Runtime, 11 high-severity defects affecting the Android framework and four high-severity vulnerabilities affecting the Android system. The vulnerabilities, if exploited, could allow attackers to achieve escalation of privileges, remote code execution, denial of service and information disclosure.<\/p>\n<p>The company did not address a trio of Qualcomm component zero-days \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21479\">CVE-2025-21479<\/a>, <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-21480\">CVE-2025-21480<\/a> and <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-27038\">CVE-2025-27038<\/a> \u2014 the chipmaker disclosed in a separate <a href=\"https:\/\/docs.qualcomm.com\/product\/publicresources\/securitybulletin\/june-2025-bulletin.html\">security bulletin<\/a> Monday. Qualcomm said Google\u2019s Threat Analysis Group determined the three memory-corruption flaws \u201cmay be under limited, targeted exploitation.\u201d <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Cybersecurity and Infrastructure Security Agency added all three Qualcomm component vulnerabilities to the known exploited vulnerabilities catalog Tuesday.<\/p>\n<p>The Android security update contains two patch levels \u2014 2025-06-01 and 2025-06-05 \u2014 allowing Android partners to address a group of 16 common vulnerabilities on different devices.<\/p>\n<p>The second patch includes fixes for two high-severity vulnerabilities affecting Arm components, seven defects in Imagination Technologies components and nine total vulnerabilities in Qualcomm components.<\/p>\n<p>Third-party Android device manufacturers release security patches on their own schedule after they\u2019ve customized operating system updates for their specific hardware.<\/p>\n<p>Google said source code patches for all 34 vulnerabilities addressed in this month\u2019s security update will be released to the Android Open Source Project repository by Wednesday.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.3311688311688\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/06\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/android-security-update-june-2025\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google addresses 34 high-severity vulnerabilities in June\u2019s Android security update<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2491,1209,78,452,387,1468,823,3036,310,643,1170],"tags":[2493,668,86,454,391,1470,827,3038,311,645,1171],"class_list":["post-7705","post","type-post","status-publish","format-standard","hentry","category-android","category-cisa","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-google","category-google-threat-analysis-group","category-patching","category-qualcomm","category-technology","category-vulnerabilities","category-zero-days","tag-android","tag-cisa","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-google","tag-google-threat-analysis-group","tag-patching","tag-qualcomm","tag-technology","tag-vulnerabilities","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/android\/\" rel=\"category tag\">Android<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cisa\/\" rel=\"category tag\">CISA<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google\/\" rel=\"category tag\">Google<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-analysis-group\/\" rel=\"category tag\">Google Threat Analysis Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patching\/\" rel=\"category tag\">Patching<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/qualcomm\/\" rel=\"category tag\">Qualcomm<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerabilities\/\" rel=\"category tag\">vulnerabilities<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7705","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7705"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7705\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7705"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7705"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7705"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7705,"date":"2025-06-03T14:35:17","date_gmt":"2025-06-03T19:35:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=84754"},"modified":"2025-06-03T14:35:17","modified_gmt":"2025-06-03T19:35:17","slug":"google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/06\/03\/google-addresses-34-high-severity-vulnerabilities-in-junes-android-security-update\/","title":{"rendered":"Google addresses 34 high-severity vulnerabilities in June\u2019s Android security update"},"content":{"rendered":"