In a few minutes, you can tell whether your Android phone has the June 2026 Android security patch for 124 flaws, including CVE-2025-48595, which Google says is already being exploited in limited, targeted attacks.
The June update is one of Android’s larger security drops this year, according to Notebookcheck. The urgent flaw sits in the Android Framework and affects Android 14, Android 15, Android 16, and Android 16 QPR2. Patch availability depends on your phone maker and, in some cases, carrier rollout timing.
“There are indications that CVE-2025-48595 may be under limited, targeted exploitation,” Google said, according to BleepingComputer.
Confirm whether your Android phone has Google’s June security fix for the exploited flaw
Your goal is simple: find the Android security patch level on your phone and check whether it shows June 1, 2026 or June 5, 2026.
Those are the two June patch levels Google issued. The June 1, 2026 level covers core Android components and includes fixes for 18 critical vulnerabilities, according to the supplied source material. The June 5, 2026 level adds fixes for the kernel and chipmaker drivers, including components from Qualcomm and MediaTek.
Do not rely only on the Android version number. A phone can run Android 14, 15, or 16 and still be missing this month’s security patch.
Before you start, prepare the phone so the update does not stall
Connect the phone to a trusted Wi-Fi network before checking for updates. If possible, plug it into power before installing anything. Security updates can take several minutes, and the phone may restart during installation.
Now check which Android version you are running:
- Open Settings.
- Go to About phone.
- Tap Android version.
Menu names vary by manufacturer, but the same idea applies: you want the screen that lists the Android version and security patch information.
Analysis: older or lower-cost Android phones are often where delays hurt most. Notebookcheck notes that current Google Pixel devices are usually first in line, while current Samsung Galaxy models often receive patches within days. A lower-cost midrange phone that is already a couple of years old may wait weeks.
Step 1: Find the Android security patch level on your phone
Start with this path on many Android phones:
- Open Settings.
- Tap Security & privacy.
- Open System & updates.
- Look for Security update.
You may also find it here:
- Open Settings.
- Tap About phone.
- Tap Android version.
- Look for Android security patch level.
The phrase that matters is Android security patch level. Not “Android version.” Not the phone maker’s software skin version. Not a random build number.
Watch out for this: some brands label the same area differently. You may see terms such as Software update, Software information, or Security update. If you cannot find it manually, use the Settings search bar and type “security patch” or “security update.”
For broader Android context, MLXIO has also covered platform-level changes such as Android Chats Win Big as iOS 27 Fixes RCS Reactions and Android 17 Grabs Your iMessage History From iPhone. This security check is narrower: one date tells you whether this bulletin’s fixes have reached your phone.
Step 2: Compare your patch date with Google’s June Android bulletin
Once you find the patch level, compare the date.
| Your Android security patch level | What it means for this June bulletin |
|---|---|
| June 5, 2026 | Includes the June 1 fixes plus additional kernel and vendor-driver fixes listed for the June 5 level. |
| June 1, 2026 | Includes the core Android fixes from the June bulletin. |
| May 2026 or earlier | Your phone likely has not received this month’s Android security fixes yet. |
Notebookcheck’s source material says either June 1, 2026 or June 5, 2026 is the current target for this update. If your phone shows one of those dates, you are in the protected group for the June patch level shown.
If it shows an older date, do not assume the update is unavailable. It may be staged by the manufacturer or carrier. You need to check manually.
Step 3: Install the June Android update if it is available
Now search for the update from the same general Settings area.
Try one of these paths:
- Settings → Security & privacy → System & updates → Security update
- Settings → System → Software update
- Settings → Software update → Download and install
If an update appears, start it. Keep the phone connected to power if possible. Let it download, install, and restart.
Watch out for this: do not interrupt the installation once it begins. Security updates may take several minutes. The phone may be unusable during parts of the process. That is normal.
The risk case here is not theoretical. CVE-2025-48595 allows privilege escalation without user action, according to the supplied source material. Google has not disclosed who is exploiting it or exactly how.
Step 4: Recheck the patch level after the phone restarts
After the restart, go back to the same patch-level screen.
Check again:
- Open Settings.
- Go to Security & privacy or About phone.
- Find Android security patch level.
- Confirm that it now shows June 1, 2026, June 5, 2026, or a later date.
Do not assume the installation worked just because the phone rebooted. The patch date is the cleanest consumer-facing confirmation.
If the date is still older, check for updates once more. If nothing appears, your device maker or carrier may not have pushed the June patch to your unit yet.
Step 5: Cut risk if the June Android patch is not available yet
If your phone still shows May 2026 or earlier, you cannot force Google’s patch onto every Android device yourself. The rollout depends heavily on the manufacturer and, sometimes, carrier approval.
Take these steps while waiting:
- Turn on automatic system updates: This reduces the chance that the patch arrives and sits uninstalled.
- Check manually over the next few days: Staged rollouts can miss your device on the first check.
- Avoid unknown APK downloads: This is basic risk control while an exploited Android Framework flaw remains unpatched on your device.
- Be stricter with suspicious links and attachments: The source does not say how CVE-2025-48595 is being abused, so reduce avoidable exposure.
- Check your phone maker’s support page: Look for the June 2026 security bulletin or update schedule for your exact model.
- Contact your carrier if the phone is carrier-locked: Carrier-controlled updates can lag manufacturer releases.
Analysis: this is where Android fragmentation turns a Google fix into a user problem. Google can publish the patch, but your phone is not protected until your device build receives and installs it.
Step 6: Do not confuse app updates with the Android security patch
Android security protection comes in layers. The layer that matters for this specific bulletin is the Android security patch level.
You may also see a Google Play system update option near Settings → Security & privacy → System & updates on many devices. Install it if offered, but do not treat it as proof that the June Android security bulletin is installed.
Then update apps through the Play Store, especially apps that open links, messages, or files. That is useful hygiene, but it does not replace the June Android security patch for CVE-2025-48595.
The next check is the one that matters
Find the Android security patch level, compare the date, install the update if offered, and verify the date again after restart.
For this bulletin, the target is June 1, 2026 or June 5, 2026. Android 14 through 16 users should check promptly because one flaw is already under limited, targeted exploitation. If the patch has not reached your phone, keep automatic updates on and repeat the check over the next few days.
Key Takeaways
- Google fixed 124 Android security flaws, including one already being used in limited targeted attacks.
- Android users need to check their security patch level, not just their Android version number.
- Patch timing may vary by phone maker and carrier, leaving some devices exposed longer.
