
Google fixes actively exploited Android flaw with May security update



Google has released its May security patch, which fixes 45 security flaws, including an actively exploited zero-click code execution vulnerability. The flaw lies in the FreeType 2 open-source font rendering library and is tracked as CVE-2025-27363 with a CVSS score of 8.1.

The May updates are available for Android 13, 14, and 15 devices. Vendors are usually notified at least a month before Google publishes the updates, but this doesn’t mean the patches reach every device at the same time as Google’s release; they often take a few weeks to roll out.

Facebook security researchers discovered the vulnerability in March 2025; it affects all FreeType versions up to 2.13. The library’s maintainers have issued an update fixing the issue. Google’s patch notes state clearly that user interaction isn’t required for exploitation and that the bug has come under “limited, targeted exploitation.” No other information about the attack vector or the exploitation was provided.


Facebook’s bulletin explains that an attacker may exploit how FreeType processes certain TrueType GX and variable font files. The issue is caused by the library’s mishandling of values in device memory, resulting in an out-of-bounds write vulnerability. When a program accesses memory outside the space allocated to it, it can crash, expose sensitive information, or allow arbitrary code execution.

FreeType ships as a system library inside Android, so users can’t check which version is installed on their particular device. The best way to prevent attacks exploiting the bug is to update your Android device to the latest available security patch as soon as possible. Since Android 12 reached end of support on March 31, 2025, smartphones running Android 12 and older remain vulnerable; third-party Android distributions may provide a patch for those devices.
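A quick defender-side check, added here as an example (it is not code from the article, Google, or the FreeType project): it classifies a device using the build properties Android exposes, assuming the security patch level is readable from `ro.build.version.security_patch` and the OS release from `ro.build.version.release`, and that `REQUIRED_LEVEL` is filled in from the May 2025 bulletin (left as a placeholder below).

```shell
#!/bin/sh
# Added example: is an Android device exposed to the May 2025 patch gap?
# Placeholder: set to the security patch level printed in the May 2025 bulletin.
REQUIRED_LEVEL="${REQUIRED_LEVEL:-YYYY-MM-DD}"

# assess_device RELEASE PATCH_LEVEL REQUIRED_LEVEL
# Prints one of: patched | vulnerable | unsupported | unknown
# Exit status 0 only for "patched".
assess_device() {
    release="$1"; level="$2"; required="$3"
    # Major version only ("14" from "14" or "14.0"); reject non-numeric input.
    major="${release%%.*}"
    case "$major" in
        ''|*[!0-9]*) echo unknown; return 1 ;;
    esac
    # Android 12 and older no longer receive security updates (EOL 2025-03-31),
    # so a patch level comparison is meaningless for them.
    if [ "$major" -le 12 ]; then
        echo unsupported; return 1
    fi
    # Both patch levels must look like YYYY-MM-DD before comparing.
    for d in "$level" "$required"; do
        case "$d" in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) echo unknown; return 1 ;;
        esac
    done
    # Strip the dashes so the dates compare as plain integers (YYYYMMDD).
    have=$(printf '%s' "$level" | tr -d -)
    need=$(printf '%s' "$required" | tr -d -)
    if [ "$have" -ge "$need" ]; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# Read the two properties from an attached device over adb (needs adb + device).
assess_attached_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r')
    lvl=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    assess_device "$rel" "$lvl" "$REQUIRED_LEVEL"
}
```

Run `assess_attached_device` with a device connected; a device reporting `unsupported` cannot be fixed by waiting for an OTA and needs a supported release or a third-party build.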

Other bugs fixed in the update include issues in the framework, system, Google Play, and the Android kernel. Patches for third-party components from MediaTek, Qualcomm, Arm, and Imagination Technologies were also included.


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
