Google fixes actively exploited FreeType flaw on Android

Google’s May 2025 security updates for Android address 45 vulnerabilities, including a critical zero-click vulnerability in the FreeType 2 library. This flaw, identified as CVE-2025-27363, poses a significant risk due to its potential for active exploitation. It primarily affects versions of FreeType up to 2.13. Users on outdated Android versions are strongly advised to seek alternatives to stay secure. Affected: Android, FreeType 2

Key points:

  • Google released May 2025 security updates for Android, fixing 45 vulnerabilities.
  • A critical zero-click vulnerability in FreeType 2, tracked as CVE-2025-27363, allows for arbitrary code execution.
  • The FreeType flaw affects all versions up to 2.13 and can be exploited when parsing malicious font files.
  • Additional vulnerabilities concern various Android framework components, with most rated as high severity.
  • Android versions 13, 14, and 15 are impacted, while Android 12 no longer receives security updates.
  • Users on older Android versions are advised to consider third-party distributions or upgrade their devices.
  • Instructions for applying the latest Android update include navigating through device settings.

Read More: https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-freetype-flaw-on-android/