Latest news with #CVE-2025-27363
Yahoo
08-05-2025
Google Closes Android Security Vulnerability Exploited by Hackers
Starting immediately, users with compatible devices can download the May 2025 Android Security Bulletin. It includes a patch for a font rendering flaw that allowed the execution of malicious code without user interaction.

Google has released the May security update for Android, addressing a total of 46 vulnerabilities in the smartphone OS. Attackers may have already actively exploited a particularly severe security flaw. Users need to update their devices to the latest version.

Critical Android Security Flaw Exploited by Hackers

The May 2025 Security Bulletin addresses several vulnerabilities in the Android system and framework, as well as Google Play updates. The most dangerous of these is identified as CVE-2025-27363 and affects the open-source program library FreeType. An error in text rendering can allow local malicious code to be executed without additional execution rights and without user interaction.

Google warns: 'There are indications that CVE-2025-27363 may be exploited in a limited and targeted manner.' However, specific details about the attack methods or affected targets are not known. The vulnerability has a CVSS base score of 8.1, making it highly dangerous.

Error in Font Processing

The alert about the Android security flaw came in March 2025 from Facebook, which also provided evidence of active exploitation online. It is an out-of-bounds write error that occurs when processing TrueType GX and variable font files, allowing the injection of malicious code. The vulnerability affects only older FreeType versions prior to 2.13.1.

Users Must Install Current Security Patch

To address the vulnerabilities, the installation of the May 2025 Android security patch is required. It has been available since May 5 for compatible smartphone models. Installation requires at least Android 13. Older versions of the operating system no longer receive security updates from Google.
The post Google Closes Android Security Vulnerability Exploited by Hackers appeared first on TECHBOOK.


Daily Record
07-05-2025
Android users placed on red alert - you must check your settings 'immediately'
A worrying new Android bug has been discovered and is already being used to target devices.

Android phone users have been warned to make sure their settings are fully up to date, due to a worrying bug targeting them. The stark warning comes from security experts after the bug was found hiding within this hugely popular operating system. Google has now fixed the error, but not before it was handed the dreaded zero-day stamp. That tag basically means the glitch has already been spotted by hackers and is being actively exploited in the wild. That's why it's so vital everyone makes a quick check without delay, reports the Mirror.

Adam Boynton, Senior Security Strategy Manager EMEIA at firm Jamf, said: 'The latest Android Security Bulletin contains a fix for an actively exploited vulnerability, CVE-2025-27363, therefore we advise all Android users to update their devices immediately.'

Google always releases monthly patches, which usually fix minor bugs and glitches. However, sometimes the problems are a little more serious and that's why it's vital all phone users make sure they keep on top of installing updates.

'The fixed bug is an out-of-bounds memory vulnerability in the FreeType software,' Jamf's Boynton explained. 'FreeType is a core component of Android devices because it renders fonts and is therefore an attractive target for cybercriminals. Exploiting the vulnerability could allow an attacker to gain control of the entire system without requiring elevated privileges.

'Although this is a targeted attack, most likely targeting high-value individuals, we strongly recommend that all users update their Android OS. The bug has been exploited since March, and its zero-click nature means that criminals can exploit the vulnerability without the user even being aware.'

Google usually rolls out its updates to Pixel devices first with other manufacturers such as Samsung, OnePlus and Honor following soon after the initial release. No matter what phone you have in your pocket, it's a good idea to head to the settings menu this week and make sure things are fully updated.

It comes as an urgent alert was issued to all Gmail users to be aware of a new and sophisticated scam that could compromise their personal data. Last month, an alarming rise in attacks aimed at stealing sensitive information was recorded as hackers target users. Security experts from Malwarebytes have now stepped in with their warning about this menacing online threat from cybercriminals who are exploiting Google's infrastructure, crafting emails that convincingly seem to be sent directly from the tech firm. The aim of these online crooks is to trick people into divulging their Google account credentials. Users are urged to exercise caution when checking their email accounts to avoid being deceived.


Daily Mirror
07-05-2025
All Android users placed on red alert - you must check your settings 'immediately'
A worrying new Android bug has been discovered and is already being used to target devices.

Anyone with an Android phone in their possession must be on high alert and make sure their settings are fully up to date. That's the latest warning from security experts after a worrying bug has been found hiding within this hugely popular operating system. Google has now fixed the glitch, but not before it was handed the dreaded zero-day stamp. That tag basically means the glitch has already been spotted by hackers and is being actively exploited in the wild. That's why it's so vital everyone makes a quick check without delay.

Explaining more, Adam Boynton, Senior Security Strategy Manager EMEIA at security firm Jamf, said: 'The latest Android Security Bulletin contains a fix for an actively exploited vulnerability, CVE-2025-27363, therefore we advise all Android users to update their devices immediately.'

Google always releases monthly patches, which usually fix minor bugs and glitches. However, sometimes the problems are a little more serious and that's why it's vital all phone users make sure they keep on top of installing updates.

So what happens if you are targeted by the latest issue?

'The fixed bug is an out-of-bounds memory vulnerability in the FreeType software,' Jamf's Boynton explained. 'FreeType is a core component of Android devices because it renders fonts and is therefore an attractive target for cybercriminals. Exploiting the vulnerability could allow an attacker to gain control of the entire system without requiring elevated privileges.

'Although this is a targeted attack, most likely targeting high-value individuals, we strongly recommend that all users update their Android OS. The bug has been exploited since March, and its zero-click nature means that criminals can exploit the vulnerability without the user even being aware.'

Google usually rolls out its updates to Pixel devices first with other manufacturers such as Samsung, OnePlus and Honor following soon after the initial release. No matter what phone you have in your pocket, it's a good idea to head to the settings menu this week and make sure things are fully updated.


Tom's Guide
06-05-2025
Google releases fixes for 46 Android security flaws — update right now
Google's May security update for Android has been released, and it contains fixes for 46 security flaws, including one that the company says has been actively exploited in the wild.

The vulnerability that Google says has been under limited, targeted exploitation is being tracked as CVE-2025-27363 and has a CVSS score of 8.1, which makes it a high-severity flaw. This flaw is in the System component and doesn't require any user interaction for exploitation.

It is rooted in an open-source font rendering library, and is a type of out-of-bounds write flaw that could cause code execution when TrueType GX or variable font files are being parsed. Because of its location, it could lead to local code execution without the need for any extra privileges.

CVE-2025-27363 was first disclosed by Facebook in March of 2025, but it has now been remediated in FreeType versions higher than 2.13.0.

Other flaws in the May Android update include eight vulnerabilities in the Android System and 15 in the Framework module, which could be used for privilege escalation, information disclosure, or denial-of-service or DDoS attacks.

Google has stated in the security update that exploitation of these issues is made more difficult by the enhancements in newer versions of the Android platform, and the company encourages all users to update to the latest version of Android where possible. They also encourage users to use Google Play Protect so they will receive notifications about potentially dangerous apps.


Forbes
06-05-2025
Google Says Critical Android 'No User Interaction' Attacks Underway
Update your Android device now.

The world of cybersecurity can be a funny old place sometimes. In the same week that Mac users were warned that Apple passwords are at risk if they install an update, Android users are now being told their smartphones could be hacked if they don't. Here's what you need to know about the 'no user interaction required' attacks and what you must do right now to stop them in their tracks.

Cybersecurity can also be confusing sometimes. Attacks use urgency as leverage, as evidenced by the latest PayPal security alert. Yet vendors and service providers simultaneously urge users to update now. Google security researchers issue detailed technical information about a Windows password-stealing threat, in the same week as Android users are informed that a no user interaction vulnerability is being exploited by attackers in the wild.

Zero-day attacks are no stranger to Google, what with it reporting 75 of them last year. The latest, CVE-2025-27363, has been confirmed by Google as it releases a security update to mitigate it.

According to Google, CVE-2025-27363 is a vulnerability that 'could lead to local code execution with no additional execution privileges needed.' Critically, Google has also confirmed that 'user interaction is not needed for exploitation.' Which is all very bad news, but it gets worse: the attacks against Android users are already underway. 'There are indications that CVE-2025-27363 may be under limited, targeted exploitation,' Google warned.

The NIST National Vulnerability Database describes CVE-2025-27363 as being an out of bounds issue in 'FreeType versions 2.13.0 and below,' that occurs when 'attempting to parse font subglyph structures related to TrueType GX and variable font files.'

All you really need to know is that this means an attacker could, under certain circumstances, execute arbitrary code. Well, that, and the small matter of the number of devices that the FreeType software is deployed on across various products, which is more than a billion.

The good news is that the latest Android security updates mitigate the attack risk by applying the necessary patch, assuming your device is eligible for the update. If it is, then I would advise you to apply this particular update as soon as is practically possible.