New Android 14, 15 And 16 Update Fixes Actively Exploited Security Flaw
Google has released a security update for users of Android 14, 15 and 16, fixing a zero-day flaw that it confirmed is already “under limited, targeted exploitation.”
- Google patched an actively exploited zero-day in Android 14, 15, and 16 on June 2, 2026, describing the exploitation as 'limited, targeted'.
- This is the third zero-day exploited in the wild against Android in 2026, indicating increased attacker focus on the mobile OS.
- The vulnerability is rated 'Critical' and resides in a privileged system component, likely the kernel or media framework.
- Pixel devices receive the update automatically; other Android brands must push their own builds, causing delayed protection for millions.
- The exploit is believed to be used by nation-state actors, given the 'targeted exploitation' language Google uses for such threats.
The U.S. tech giant confirmed on June 2, 2026, that it has released security updates for Android 14, 15, and 16 to address a zero-day vulnerability exploited in the wild. The company warned that the flaw is “under limited, targeted exploitation,” meaning attackers have already weaponized it against specific victims. While Google declined to name the threat actors, such targeted exploitation typically involves nation-state spyware or advanced persistent threats.
This marks the third actively exploited zero-day patched in the Android ecosystem in 2026, highlighting an accelerating trend of mobile vulnerability disclosure. The flaw likely resides in the Android kernel or a privileged system component, as Google's advisory rated it as “Critical” severity. Historically, similar vulnerabilities have been chained with other exploits to gain full remote code execution or persistent device access.
The update rolls out automatically to Pixel devices and is available as a system update for other Android OEMs. Google’s monthly security bulletin includes patches for over 50 vulnerabilities, but the zero-day stands out because attackers have already used it. Security researchers recommend enabling automatic updates and rebooting promptly after installation.
For enterprise users, this update is critical because targeted exploitation often aims at high-value individuals: journalists, dissidents, or executives. Google's Threat Analysis Group is likely working with partners to identify victims and block attack infrastructure. The broader implication is that even with Google's monthly patch cycle, zero-days used in targeted attacks can remain dangerous for days or weeks before a fix propagates.
Looking ahead, users should expect Google to release a supplemental patch if additional variants of the exploit surface. Android's fragmented update ecosystem means many devices may never receive this patch, leaving hundreds of millions of users exposed. The incident will likely fuel renewed calls for mandatory security updates for all Android devices, regardless of manufacturer support.
Frequently Asked Questions
Google patched a critical zero-day flaw affecting Android 14, 15, and 16 on June 2, 2026. The vulnerability was being actively exploited in limited, targeted attacks before the patch.
Android 14, Android 15, and Android 16 are all affected. Google has released a security update for each version to fix the flaw.
For Pixel devices, the update is delivered automatically via OTA. For other Android phones, go to Settings > System > System update and check for updates. Manual installation is also possible via the Android Security Bulletin page.
No. Google described the exploitation as 'limited, targeted,' meaning only a small number of specific users or organizations are being attacked, likely by advanced threat actors.
The vulnerability is rated critical because it allows remote code execution or privilege escalation without user interaction, and it is already being used in real-world attacks.
Original source: www.forbes.com