Android Addresses 47 Vulnerabilities, Including One Zero-Day Exploit; Urgent Update Recommended.


Google has addressed a total of 47 vulnerabilities within the Android operating system, including a zero-day vulnerability that was actively being exploited. This information was detailed in the May 2025 Android Security Bulletin.

Zero-day vulnerabilities are defined as security flaws that are exploited by attackers before the vendor has had an opportunity to implement a fix, and often even before they are aware of the vulnerability’s existence.

The updates this month are applicable for Android versions 13, 14, and 15. Android vendors are informed of all vulnerabilities at least one month prior to the public release of security patches. However, users should be aware that the availability of these patches on all devices may not be immediate.

To verify your device's Android version, security patch level and Google Play system update level, open the Settings app; on stock Android these are listed under About phone (or About device) > Android version. Your device will notify you when an update is available, and you can also check manually.

The manual check is typically under Settings > System > System update, or under a Software update entry on some brands. Menu names and locations vary by manufacturer, model and Android version, so the exact path on your device may differ.

If your device displays a security patch level of 2025-05-05 or later, all of the vulnerabilities in this bulletin are addressed. The bulletin carries two patch levels: 2025-05-01 covers the Android framework and system components, and 2025-05-05 includes everything in 2025-05-01 plus fixes for kernel and closed-source third-party (chipset vendor) components, not all of which apply to every Android device.

Maintaining the most current software version on your device is crucial in safeguarding against known vulnerabilities and enhancing overall security.

The Zero-Day Vulnerability

The zero-day vulnerability patched in this update was disclosed by Facebook in March 2025. It exists in FreeType, an open-source library that Android uses to render fonts and display text. FreeType converts font files into on-screen glyphs, supports many font formats, and ships on billions of devices and in countless applications.

Tracked as CVE-2025-27363, the flaw is an out-of-bounds write in FreeType's parsing of the font subglyph structures used by TrueType GX and variable fonts, and it may allow remote code execution. According to Facebook's advisory, the vulnerable code assigns a signed short value to an unsigned long and then adds a constant; for a negative input the addition wraps around, the heap buffer allocated from the result is far too small, and the code goes on to write up to six signed long integers past its end. A heap overflow of this kind can crash the process rendering the font or be turned into arbitrary code execution in that process.
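The arithmetic described above is a common C bug pattern, so the following added example (written for this article, not FreeType's own code) models it in miniature: a signed 16-bit count from an untrusted font is widened to unsigned long, a constant is added, the sum wraps, and the allocation ends up smaller than the number of entries the parser later writes. The constant `PHANTOM_POINTS`, the assumption that the filling loop consumes the same 16-bit field as an unsigned count, and the `checked_store` helper (which reports an out-of-bounds write instead of performing one, so the demo cannot corrupt memory) are all hypothetical simplifications; FreeType's real structures and the exact number of overflowed entries differ.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical: extra entries the parser appends after the points a glyph
 * declares. Chosen for illustration, not taken from FreeType. */
#define PHANTOM_POINTS 4UL

/* Vulnerable size computation. A 16-bit signed count read from the font is
 * assigned to an unsigned long (sign-extended, so -2 becomes ULONG_MAX - 1)
 * and a constant is added; the addition wraps around to a tiny number. */
unsigned long vulnerable_point_count(short n_points)
{
    unsigned long n = n_points;      /* implicit conversion, no warning by default */
    return n + PHANTOM_POINTS;       /* -2 + 4 wraps to 2, -4 + 4 wraps to 0 */
}

/* Hardened replacement: reject negative counts from the file and check the
 * addition for overflow before it happens. Returns the count, or -1 if the
 * input is rejected. */
long safe_point_count(short n_points)
{
    if (n_points < 0)
        return -1;                               /* untrusted field must be non-negative */
    unsigned long n = (unsigned long)n_points;
    if (n > ULONG_MAX - PHANTOM_POINTS)
        return -1;                               /* cannot trigger for a short; kept for the general pattern */
    return (long)(n + PHANTOM_POINTS);
}

/* Bounded stand-in for the real heap buffer. */
typedef struct {
    long *slots;
    unsigned long count;
} point_buf;

/* Reports an out-of-bounds index instead of writing through it; the real
 * code has no such check and would corrupt adjacent heap memory. */
static int checked_store(point_buf *b, unsigned long idx, long value)
{
    if (idx >= b->count)
        return 0;
    b->slots[idx] = value;
    return 1;
}

/* Replays the vulnerable path: allocate using the wrapped count, then fill
 * as many entries as the table actually declares (assumption: the filling
 * loop reads the same 16-bit field as an unsigned value). Returns how many
 * writes would have landed outside the allocation. */
unsigned long simulate_vulnerable(short n_points)
{
    unsigned long count = vulnerable_point_count(n_points);
    point_buf buf;
    buf.count = count;
    buf.slots = calloc(count ? count : 1, sizeof(long));
    if (!buf.slots)
        return 0;

    unsigned long declared = (unsigned short)n_points;   /* raw 16-bit value, e.g. 65534 */
    unsigned long oob = 0;
    for (unsigned long i = 0; i < declared + PHANTOM_POINTS; i++)
        if (!checked_store(&buf, i, (long)i))
            oob++;

    free(buf.slots);
    return oob;
}

int main(void)
{
    short crafted = -2;   /* constructed value a malicious font could declare */

    printf("vulnerable allocation for count %d: %lu slots\n",
           crafted, vulnerable_point_count(crafted));
    printf("out-of-bounds writes attempted: %lu\n", simulate_vulnerable(crafted));
    printf("hardened path result for %d: %ld (negative means rejected)\n",
           crafted, safe_point_count(crafted));
    return 0;
}
```

Two points worth keeping in mind when hunting this pattern: unsigned wrap-around is defined behaviour in C, so UBSan's default checks stay silent on the size computation (clang needs `-fsanitize=unsigned-integer-overflow`), whereas AddressSanitizer catches the resulting heap write the moment it happens. The hardened version also shows the fix is cheap: validate the sign of every count read from the file and check the addition before trusting its result.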

FreeType versions 2.13.0 and earlier are affected; the fix has been in FreeType since 2.13.1. Because FreeType is a native library bundled inside the system components that render text, most users cannot easily tell which version their device carries, and an upstream fix does not help until each device maker's build picks it up. The most effective protection is to install the latest system update, backed by robust anti-malware protection.

Facebook has cautioned that the vulnerability may have been exploited in the wild, and Google's bulletin notes indications of limited, targeted exploitation; neither has disclosed details of the attacks.

It is plausible that merely opening a document or application containing a malicious font could compromise the security of a device without necessitating further user intervention or additional permissions.