Patchday: 18 critical security vulnerabilities threaten Android 14, 15, 16
Google has closed numerous software vulnerabilities in various Android versions. Malware can get onto devices.
Security vulnerabilities in the framework, kernel, and system endanger smartphones and tablets with Android 14, 15, 16, and 16-qpr2. Anyone who owns a device still under support should ensure that the latest security updates are installed.
Various Dangers
In addition to Google, Honor and Samsung, among others, provide monthly security patches for selected smartphones (see box). As stated in a post by the Android developers, they have closed numerous security vulnerabilities this month, 18 of which are classified as "critical".
The majority of these affect the system. There, attackers can gain higher user privileges through an unspecified method (CVE-2026-0043) or trigger crashes via DoS attacks (CVE-2026-64505). The framework also contains "critical" vulnerabilities for such attacks (e.g., CVE-2025-65018, CVE-2025-64720). A kernel vulnerability (CVE-2025-40214, rated "high") can also serve as a springboard for attackers, granting them higher user privileges. The remaining vulnerabilities are mostly classified as "high". Information can also leak through them.
Furthermore, components from Imagination Technologies, MediaTek, Qualcomm, and Unisoc are still vulnerable. So far, there are no indications from Google that attackers are already exploiting the vulnerabilities. However, those who receive security updates for their device should not delay installing patch levels 2026-06-01 or 2026-06-05 for too long.
Since July 2025, Google has only been closing particularly dangerous security vulnerabilities monthly and distributing further updates quarterly. Compared to May, when only one vulnerability was closed, there was a lot going on this month.
(des)