Critical Android Security Update Addresses Privilege Escalation Vulnerabilities

Android security bulletin for June 2025, addressing multiple high-severity vulnerabilities, including several that could allow attackers to gain elevated privileges on affected devices.

The most critical issue involves a Vulnerabilities in the System component that could lead to local escalation of privilege without requiring additional execution privileges, though user interaction is needed for exploitation.

Security patch levels dated 2025-06-05 or later address all these vulnerabilities, with source code patches scheduled for release to the Android Open Source Project (AOSP) repository within 48 hours of the bulletin’s publication.

The security update specifically targets a high-severity vulnerability (CVE-2025-26443) in the System component that could enable local privilege escalation.

This particular Vulnerabilities affects Android versions 13, 14, and 15, requiring user interaction for successful exploitation.

The update also addresses several information disclosure vulnerabilities in the System component, including CVE-2025-26441, CVE-2025-26445, and CVE-2025-26453, all rated as high severity.

Google emphasizes that exploitation of many vulnerabilities has been made more difficult by enhancements in newer Android platform versions, strongly encouraging users to update to the latest version where possible.

Escalation Vulnerabilities

The security bulletin identifies multiple high-severity elevation of privilege vulnerabilities within the Framework component.

Notably, CVE-2025-26450, CVE-2025-26455, CVE-2025-26458, CVE-2025-26462, and CVE-2025-32312 all affect Android 13 through 15, potentially allowing local privilege escalation without requiring additional execution privileges or user interaction.

Additionally, the Android Runtime component contains a vulnerability (CVE-2025-26456) that could lead to local permanent denial of service, affecting Android 14 and 15 devices.

The bulletin also details information disclosure and denial of service vulnerabilities in the Framework, underscoring the comprehensive nature of this security update.

Mitigations

Beyond the core Android components, the June 2025 security update includes patches for vulnerabilities affecting vendor-specific hardware.

ARM components, particularly Mali GPUs, received fixes for CVE-2025-0073 and CVE-2025-0819, both rated as high severity.

Imagination Technologies’ PowerVR GPU vulnerabilities were addressed with seven high-severity patches.

Qualcomm components, including both open-source kernel elements and closed-source components, received multiple fixes for high-severity vulnerabilities.

Google notes that some devices running Android 10 or later may receive these security updates via Google Play system updates, highlighting the flexibility of Android’s security update mechanism.

The company’s security team actively monitors for abuse through Google Play Protect, which is enabled by default on devices with Google Mobile Services.

Device manufacturers are expected to implement these patches promptly, with two security patch levels (2025-06-01 and 2025-06-05) providing flexibility in deployment schedules.

Users can check their device’s security patch level through the device settings to verify protection against these vulnerabilities.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.

The post Critical Android Security Update Addresses Privilege Escalation Vulnerabilities appeared first on Cyber Security News.