Latest news with #May2025AndroidSecurityBulletin

Yahoo

Google Closes Android Security Vulnerability Exploited by Hackers

Starting immediately, users with compatible devices can download the May 2025 Android Security Bulletin. It includes a patch for a font rendering flaw that allowed the execution of malicious code without user interaction. Google has released the May security update for Android, addressing a total of 46 vulnerabilities in the smartphone OS. Attackers may have already actively exploited a particularly severe security flaw. Users need to update their devices to the latest version. Critical Android Security Flaw Exploited by Hackers The May 2025 Security Bulletin addresses several vulnerabilities in the Android system and framework, as well as Google Play updates. The most dangerous of these is identified as CVE-2025-27363 and affects the open-source program library FreeType. An error in text rendering can allow local malicious code to be executed without additional execution rights and without user interaction. ADVERTISEMENT Google warns: 'There are indications that CVE-2025-27363 may be exploited in a limited and targeted manner.' However, specific details about the attack methods or affected targets are not known. The vulnerability has a CVSS base score of 8.1, making it highly dangerous. Error in Font Processing The alert about the Android security flaw came in March 2025 from Facebook, which also provided evidence of active exploitation online. It is an out-of-bounds write error that occurs when processing TrueType GX and variable font files, allowing the injection of malicious code. The vulnerability affects only older FreeType versions prior to 2.13.1. Users Must Install Current Security Patch To address the vulnerabilities, the installation of the May 2025 Android security patch is required. It has been available since May 5 for compatible smartphone models. Installation requires at least Android 13. Older versions of the operating system no longer receive security updates from Google. The post Google Closes Android Security Vulnerability Exploited by Hackers appeared first on TECHBOOK.