CyberSecurity news
FlagThis
@source.android.com
//
Google has released its May 2025 Android security bulletin, addressing a total of 46 vulnerabilities. The update includes a fix for CVE-2025-27363, a critical Remote Code Execution (RCE) flaw that is already being actively exploited in the wild. The RCE flaw exists within the Android System component, enabling local code execution without requiring user interaction or elevated privileges.
This vulnerability stems from FreeType, an open-source font rendering library widely embedded in Android. Google's advisory underscores the severity of this actively exploited bug, prompting the U.S. CISA to add it to its Known Exploited Vulnerabilities Catalog. U.S. federal agencies are now under directive to apply the patch by May 27, 2025.
The May 2025 Android security bulletin resolves several other high-impact issues across Android versions 13 through 15. These include multiple Elevation of Privilege (EoP) flaws affecting both the framework and system components. Among them are CVE-2025-0087 and CVE-2025-26426. Users are encouraged to check for updates to ensure their devices are protected from these vulnerabilities. The update is available for Android 13, 14, and 15, with Android vendors notified of the issues at least a month before publication.
ImgSrc: thecyberexpress
References :
This vulnerability stems from FreeType, an open-source font rendering library widely embedded in Android. Google's advisory underscores the severity of this actively exploited bug, prompting the U.S. CISA to add it to its Known Exploited Vulnerabilities Catalog. U.S. federal agencies are now under directive to apply the patch by May 27, 2025.
The May 2025 Android security bulletin resolves several other high-impact issues across Android versions 13 through 15. These include multiple Elevation of Privilege (EoP) flaws affecting both the framework and system components. Among them are CVE-2025-0087 and CVE-2025-26426. Users are encouraged to check for updates to ensure their devices are protected from these vulnerabilities. The update is available for Android 13, 14, and 15, with Android vendors notified of the issues at least a month before publication.
ImgSrc: thecyberexpress
Share:
References :
- CyberScoop: Google addresses 1 actively exploited vulnerability in May’s Android security update
- Malwarebytes: Malwarebytes discusses Android fixes 47 vulnerabilities, including one zero-day.
- securityaffairs.com: SecurityAffairs Google fixed actively exploited Android flaw CVE-2025-27363
- The Hacker News: The hackernews update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
- socradar.io: SocRadar: Android’s May 2025 Update Tackles CVE-2025-27363 & More
- www.bleepingcomputer.com: bleepingcomputer: Google fixes actively exploited FreeType flaw on Android
- thecyberexpress.com: Google Rolls Out May 2025 Android Security Bulletin, Fixes 46 Vulnerabilities Including CVE-2025-27363
Classification:
- HashTags: #Android #SecurityPatch #Vulnerability
- Company: Google
- Target: Android users
- Attacker: Threat Actors
- Product: Android
- Feature: RCE
- Type: ProductUpdate
- Severity: Major