Google’s May 2025 Android security update has addressed a critical vulnerability that is putting millions of Android devices at risk. The update patches 45 security flaws, including CVE-2025-27363 – a zero-click exploit in the popular FreeType 2 library. Discovered by Facebook security researchers in March 2025, this flaw allows attackers to execute arbitrary code by tricking the FreeType engine into parsing malicious TrueType GX or variable font files. Read more about this discovery on BleepingComputer.
What Is the FreeType 2 Vulnerability (CVE-2025-27363)?
The vulnerability lies within FreeType 2, an open-source font rendering library used in Android to display text on images and other graphical elements. The issue arises when FreeType processes fonts, causing an out‑of‑bounds memory write that can lead to arbitrary code execution. As explained in Google’s official bulletin, this high-severity exploit is already being actively targeted.
How Does This Exploit Work?
According to Facebook’s disclosure on their security advisory, the attack exploits a flaw when FreeType processes malformed font subglyph structures related to TrueType GX and variable fonts. The bug results in an out-of-bounds write: a signed short is mistakenly assigned to an unsigned long, eventually leading to a heap buffer allocation that is too small. Consequently, this miscalculation enables an attacker to write up to six signed long integers beyond the intended memory, enabling arbitrary code execution.
Is Your Android Device at Risk?
The vulnerability primarily affects Android devices relying on FreeType versions up to 2.13 (released February 9, 2023). Here are some key points to consider:
- Devices running Android versions 13, 14, and 15 could be impacted, though not all components are equally vulnerable.
- Android 12, which reached end-of-support on March 31, 2025, no longer receives direct security fixes and therefore may remain exposed.
- Users on older versions should consider third-party security patches or an upgrade to a supported version.
How to Patch the FreeType Exploit
To mitigate the risk associated with CVE-2025-27363, follow these simple steps:
- Open your Android device settings and navigate to Security & Privacy.
- Select System & Updates and then Security Update.
- Click on Check for update to start the patching process. (Note that the path may vary slightly depending on your device manufacturer.)
This update is critical to ensure that your device is protected against this actively exploited vulnerability.
Why This Flaw Is So Dangerous
The zero-click nature of the exploit means that the attack can occur without any interaction from the user. Once a device parses a malicious font file, the exploit can execute automatically, potentially compromising sensitive data and even the entire device. This underscores the urgency of applying the latest updates immediately.
What If You’re Using an Older Android Device?
For users with Android 12 or older devices, the security risks are even more pronounced due to the lack of direct support. Consider the following:
- Investigate third-party Android distributions that may offer continued security patches.
- Consider upgrading to a newer device to ensure ongoing support and protection from emerging threats.
Stay Informed with Expert Insights
For those interested in a deeper dive into cybersecurity trends, check out the Red Report 2025. This analysis explores the top 10 MITRE ATT&CK techniques behind 93% of observed attacks and can provide you with actionable insights into how to defend against them.
Conclusion
With CVE-2025-27363 actively exploited, every minute counts. Updating your Android device is not just a recommended step—it’s an essential action to safeguard your personal data and device integrity. By following the steps outlined above, you can ensure that your device is secure against this critical exploit. Stay proactive, keep your device updated, and follow best practices in Android security to mitigate future threats.
Call-to-Action: If you haven’t yet updated your Android device, check for the latest security update now and secure your system against ongoing attacks.
Remember: Regular updates are your first line of defense in the ever-evolving landscape of cybersecurity.