Google has released its May 2025 monthly security updates for Android, addressing a total of 46 security flaws, one of which has been exploited in the wild. The vulnerability, tracked as CVE-2025-27363 with a CVSS score of 8.1, is a high-severity flaw in the System component that could lead to local code execution with no additional execution privileges needed.
The vulnerability originates in the FreeType open-source font rendering library and was first disclosed by Facebook in March 2025, at which point it was already being exploited. It is an out-of-bounds write that occurs when FreeType parses TrueType GX and variable font files: a size value read from the font is widened and adjusted in a way that can wrap around, producing an undersized heap buffer that later writes overrun. A crafted font file is therefore enough to trigger memory corruption and potentially execute attacker-controlled code. FreeType versions 2.13.0 and below are affected, and the recommendation is to update to a version higher than 2.13.0, i.e. 2.13.1 or later.
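The following is an added illustration, not FreeType's source code and not part of the original article. It models the bug class described in the CVE record for CVE-2025-27363: a signed 16-bit count taken from an untrusted font file is assigned to an unsigned long, a fixed number of extra slots is added, the sum wraps to a small value, and the heap buffer sized from it is too small for the writes that follow. The constant `EXTRA_SLOTS`, the function names and the sample input value are assumptions chosen to make the wraparound visible; the real offsets and structures are not described on the page. The hardened variant shows the check a parser should make before widening the value.

```c
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

/* Hypothetical number of extra slots the parser appends after the
 * file-supplied count. The real value in FreeType is not given here. */
#define EXTRA_SLOTS 4UL

/* Vulnerable sizing (illustrative): "signed short -> unsigned long, then add".
 * A negative count from the file sign-extends to a huge unsigned value and
 * the addition wraps, so a count of -4 yields 0 slots. */
static unsigned long vulnerable_count(short n_from_file)
{
    unsigned long count = (unsigned long)n_from_file; /* -4 -> 0xFFFF...FFFC */
    count += EXTRA_SLOTS;                             /* wraps to 0 */
    return count;
}

/* Hardened sizing: validate the signed count before widening it.
 * Returns the slot count, or 0 to signal rejection (a valid result is always
 * at least EXTRA_SLOTS, so 0 is unambiguous). max_points is the format's or
 * caller's upper bound on how many entries a glyph may legitimately carry. */
static unsigned long safe_count(short n_from_file, unsigned long max_points)
{
    if (n_from_file < 0)
        return 0;                                      /* reject negative counts */
    unsigned long count = (unsigned long)n_from_file;
    if (count > max_points || max_points > ULONG_MAX - EXTRA_SLOTS)
        return 0;                                      /* reject oversized counts */
    return count + EXTRA_SLOTS;                        /* cannot wrap here */
}

/* Does a write of `writes` long slots fit in the buffer the vulnerable path
 * would allocate? The CVE text describes up to six longs being written. */
static int vulnerable_write_fits(short n_from_file, unsigned long writes)
{
    return writes <= vulnerable_count(n_from_file);
}

int main(void)
{
    /* Constructed attacker-controlled value as it might be read from a font. */
    short from_file = -4;

    unsigned long bad = vulnerable_count(from_file);
    long *buf = malloc(bad * sizeof(long));          /* zero-byte allocation */
    printf("vulnerable path: count=%hd -> %lu slots (%lu bytes); 6 writes fit: %s\n",
           from_file, bad, bad * sizeof(long),
           vulnerable_write_fits(from_file, 6) ? "yes" : "NO (heap overflow)");
    free(buf);                                       /* no write performed here */

    unsigned long good = safe_count(from_file, SHRT_MAX);
    printf("hardened path:   count=%hd -> %s\n", from_file,
           good ? "accepted" : "rejected before allocation");

    good = safe_count(10, SHRT_MAX);
    printf("hardened path:   count=10 -> %lu slots\n", good);
    return 0;
}
```

The point of the hardened variant is that the sign and range checks happen while the value is still in its original signed type; once it has been widened to an unsigned type the negative case is indistinguishable from a very large positive one, and the subsequent addition silently wraps.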
Google has acknowledged that there are indications CVE-2025-27363 may be under limited, targeted exploitation, although specific details about these attacks are not currently known. In addition to addressing this actively exploited high-severity flaw, the May update also fixes eight other vulnerabilities in the Android System and 15 flaws in the Framework module that could be leveraged for privilege escalation, information disclosure, and denial-of-service attacks.
The company emphasized the importance of keeping devices on the latest version of Android, since newer platform releases include security enhancements that make exploitation of this kind of bug more difficult. Users are encouraged to apply the May security update as soon as their device manufacturer makes it available.