Google's June Android security patch isn't one to miss. The company may roll out a security update once a month, but this latest version is quite the update: As reported by BleepingComputer, the patch contains fixes for 124 security flaws. That in and of itself makes this a substantial update, but the reason to install it with haste comes down to one particular fix.One of the 124 vulnerabilities, tracked as CVE-2025-48595, is an escalation of privilege vulnerability affecting Android Framework. Attackers can abuse it to escalate privileges—or force their way into an administrative position—and run their own code on the target device. According to Google, users don't even need to do anything in order for attackers to exploit the flaw, which is present on devices running Android 14 and newer. That impacts a huge number of devices. Worst of all, Google says that there is evidence that CVE-2025-48595 is under "limited, targeted exploitation," making it what's known as a zero-day. Google Pixel 10a $449.00 at Amazon $499.00 Save $50.00 Get Deal Get Deal $449.00 at Amazon $499.00 Save $50.00 What is a zero-day vulnerability? Zero-day vulnerabilities are the most dangerous type of security flaw. They occur when a vulnerability is publicly exposed or exploited before the software developer has a chance to issue a patch to the general user base. That gap gives attackers an advantage, since they can learn how to exploit the flaw before users can install a fix. As such, CVE-2025-48595 opens the possibility of an attack for all users who don't have the June security patch installed. The good news is that Google says the exploits so far have been limited and targeted. In all likelihood, attackers are using the exploit against high-profile targets like politicians or journalists. That being said, Google isn't disclosing much about this vulnerability other than its tracking ID and its general description, so we don't know much about the scope or danger involved.This zero-day isn't the only reason to install the update: 18 of the 124 vulnerabilities identified here are labeled as "critical," and while they aren't zero-days (meaning the flaws did not have public disclosures or exploits when Google issued the update), it's only a matter of time before hackers learn how to take advantage of these flaws. Keeping an older version of Android running on your device may put you at risk.How to install the June Android security update Because Google issues these security updates, its own phone line, Pixel, is the first to receive them. As such, Pixel users can download and install the security updates today. If you have a different Android device, like a Samsung Galaxy, OnePlus, or Motorola phone, you'll have to wait for your device manufacturer to issue the patch.Once the update pushes to your phone, it may update automatically. But to check if the update is available on your end, open the Settings app, then head to About phone (or About tablet), then choose Android version. Here, you'll see if you have a pending security update.