Google releases fixes for 46 Android security flaws — update right now
Google's May security update for Android has been released, and it contains fixes for 46 security flaws including one that the company says has been actively exploited in the wild.
The vulnerability that Google says has been under limited, targeted exploitation is being tracked as CVE-2025-27363 and has a CVSS score of 8.1 which makes it a high-severity flaw.
This flaw is in the System component and doesn't require any user interaction for exploitation. It is rooted in an open-source font rendering library, and is a type of out-of-bounds write flaw that could cause code execution when TrueType GX or variable font files are being parsed. Because of its location, it could lead to local code execution without the need for any extra privileges. You may like
CVE-2025-27363 was first disclosed by Facebook in March of 2025 but it has now been remediated in FreeType versions higher than 2.13.0. Other flaws in the May Android update include eight vulnerabilities in the Android System and 15 in the Framework module which could be used for privilege escalation, information disclosure or used for denial-of-service or DDoS attacks.
Google has stated in the security update that exploitation of these issues is made more difficult by the enhancements in newer versions of the Android platform, and the company encourages all users to update to the latest version of Android where possible. They also encourage users to use Google Play Protect so they will receive notifications about potentially dangerous apps. More from Tom's Guide
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Digital Trends
9 minutes ago
- Digital Trends
Google's AI could lead you into scam support numbers on Search
Over the past few months, we have come across numerous cases where sophisticated AI tools have been used to duplicate a person's voice and trap a person in financial scams. Experts have also warned that AI is opening new avenues of online fraud. It seems Google's AI overviews and the AI Mode results could unknowingly entangle you in a similar trap. The owner of a real estate firm recently reported how they came across a phone number while looking up Royal Caribbean's customer service number. The number they found in the Google AI Overviews section at the top of the Search page wasn't real and was run by a scammer instead. Recommended Videos 'I'm sharing this as a public service announcement. With AI-generated results and spoofed numbers, the game has changed,' Alex Rivlin, owner of the company, said in a Facebook post. He added that he managed to escape at the last moment, but not before he had already handed over his credit card details to the bad actor. Another report mentions a similar fake support number attached to Southwest Airlines. The number that appears in the Google AI Overview doesn't appear on the Southwest Airlines website, and apparently handled by tricksters trying to charge hundreds of dollars for fixing a misspelled name on tickets. Why is it risky to seek helpline numbers with AI? On Reddit, I came across a report detailing the account of an individual who was also on the verge of getting scammed after looking up the number of a food delivery service's customer support contact on Google Search. The scam has already tricked many, and a 65-year-old man recently lost over three thousand dollars after looking up 'Swiggy call centre' on Google Search. To test whether the issues persist, I looked up 'swiggy customer care number' and switched to the new Google AI Mode. This is where the confusion begins. Swiggy's website clearly mentions that they do 'not have any official customer care phone lines. Beware of fake numbers.' Google's AI mode says Swiggy 'primarily' refers users to solve the issue within the apps. Underneath, it adds that 'some sources mention these numbers as Swiggy Customer Service contact options.' This is again confusing and misleading in its own right. One of the numbers is only for partner onboarding, and not for 'customer care,' which was the original search query. Moreover, the two other numbers don't appear on an official Swiggy directory. Furthermore, one of those numbers even appears in a report lodged by a misled customer on the non-profit ConsumerComplaintsCourt website. How to proceed safely? This is not a unique problem. For a while now, Google Search results have been flooded by fake numbers in the guise of customer support helplines, waiting to scam an unsuspecting user. But with the advent of AI tools in Search, such as AI Overviews and Google AI Mode, the risks have multiplied. 'Scammers have discovered that they can flood user-generated content sites and forums with fake phone numbers for major businesses, then trick callers into sharing their credit card information,' Lily Ray, Vice President of SEO Strategy & Research at Amsive, wrote on LinkedIn. Experts at Odin and ITBrew also highlighted how hackers can write a 'command that Gemini must include the message and its phony tech-support contact number in its summary response.' Google, it seems, is aware of the problem. Google told The Washington Post that it continues to remove unreliable entries from AI Overviews. In the meantime, as an average internet user, the best advice that I can give you is that for all customer support helpline numbers and email addresses, visit the official website of the companies and look up the required contact details.
USA Today
3 hours ago
- USA Today
The Amazon Appstore shuts down on Androids Aug. 20. Will you get a refund?
Amazon is set to shutter its Amazon Appstore on the Android operating system Wednesday, Aug. 20. The move, announced in February, shutters the mega-corporation's competitor to the Google Play store on Android devices. The company shut down the app store on Windows in 2024. The store will remain open on Fire TV and Fire Tablet devices. "We've decided to discontinue the Amazon Appstore on Android to focus our efforts on the Appstore experience on our own devices, as that's where the overwhelming majority of our customers currently engage with it," Amazon said in a statement to Android news outlet Android Police at the time. The Amazon Coins program will also close Aug. 20, meaning some people may see refunds. Here's what you need to about the Amazon Appstore closing on Andrioid. Will I get a refund from Amazon shutting down the Amazon app store on Android? App store customers with Amazon Coins remaining in their account will be refunded, according to the FAQ page on the shutdown. Information about refunds "will be shared at a later date," the page reads. Will apps from the Amazon app store continue to work? Apps purchased on the Amazon app store are not guaranteed to continue working after Aug. 20, according to the FAQ page. What are Amazon Coins? Amazon Coins were used to make purchases on certain apps and in the Amazon Appstore.
Yahoo
4 hours ago
- Yahoo
Even more details of the Pixel Watch 4 have leaked, including some key upgrades
When you buy through links on our articles, Future and its syndication partners may earn a commission. More Pixel Watch 4 information has leaked We can see new sensors and charging contacts The wearable should launch on August 20 The Pixel Watch 4 is almost certainly going to be unveiled alongside the Pixel 10 series and the Pixel Buds 2a on Wednesday, August 20 – though Google has only confirmed the date, not what's being launched – and a new leak gives us more information on the wearable. Images posted to Reddit (via 9to5Google) show what look to be official marketing slides for the Pixel Watch 4, detailing features such as improved durability, battery life, and activity tracking accuracy – courtesy of a "Gen 3 sensor hub". That would be an upgrade on the sensors we saw with the Google Pixel Watch 3, and should mean better precision in readings such as heart rate – though we won't know for sure until we've actually had an opportunity to try it out. We also get another look at the rather unusual side charging system that showed up in an earlier leak, with charge contacts positioned on the side of the watch casing: it would appear this is how you'll be able to charge up the Pixel Watch 4. 'Technological advancements' There's plenty of positive phrasing in these marketing materials, as you would expect. The watch apparently brings "significant technological advancements" over its predecessor, together with a "premium crafted design". The battery life is listed as reaching 30 hours between charges, which is said to be a 25% boost over the current model. Better battery life had already been mentioned in previous leaks, so we're hopeful in that particular department. There's also mention of the two expected watch sizes, 41 mm and 42 mm, while Gemini integration is mentioned, as well as "dual frequency" GPS – which suggests the wearable will be more accurate and faster in reporting its location. Together with the rest of the leaked information that's also emerged in recent days, it looks as though the Pixel Watch 4 could be an appealing prospect, when it's finally confirmed – and perhaps worth a spot on our best smartwatches list. You might also like The Pixel Watch 4 could improve repairability These are the best Android smartwatches You may have to wait to buy the Pixel Watch 4
