Google has just released the May 2025 Android security update. With this new security bulletin, the Mountain View giant fixes 46 identified flaws in the operating system. Last month, Google uncovered and patched more than 60 vulnerabilities in the OS code.
Among the flaws identified in May is a high-severity vulnerability located in the open-source FreeType library, used for rendering fonts. This is an out-of-bounds write issue, a type of error where a program writes data outside the allocated memory area. This bug results from improper handling of data types.
A formidable vulnerability exploited by hackers
By exploiting the vulnerability, a cybercriminal can inject and execute malicious code on the affected system without elevated privileges. The attack also requires no interaction from the smartphone user: there is nothing to click or open. Simply processing a malicious font is enough to trigger the vulnerability, which is why the flaw is particularly worrying.
Worse, it appears that the flaw has already been exploited by cybercriminals in attacks. For security reasons, Google has not said more about the circumstances of the cyberattacks relying on the vulnerability. Note that Meta had already flagged these attacks in March 2025. The problem was fixed in the latest versions of FreeType; all that was left was to wait for everyone to incorporate this fix. Like Android, several Linux distributions, such as Ubuntu, Debian, and Fedora, have also integrated patches for this vulnerability.
Install the Android update as soon as possible
Unsurprisingly, Google is asking all Android smartphone users to install the update as soon as possible. For now, the update has just arrived on Pixel devices. To ensure all Android smartphones are protected, manufacturers must integrate security patches into their custom interfaces. Indeed, Google provides security updates, but it is the manufacturers, like Samsung or Xiaomi, who must adapt them to their devices.
A 2021 academic study showed that the median time between Google publishing a patch and its distribution to users is around 24 days, with significant variations depending on the manufacturer. To find out if the patch is already available on your smartphone, go to Settings > About device > Software Update.
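For anyone tracking more than one handset, the same check can be scripted. The sketch below is an added example, not code from Google or from this article: it classifies devices by the patch-level date each one reports in the `ro.build.version.security_patch` property. The `2025-05-01` threshold and the inventory lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag devices whose Android security patch level is older
# than a required level. The level is the YYYY-MM-DD string a device reports
# in ro.build.version.security_patch (readable with `adb shell getprop`).

# Assumption: patch-level string for the May 2025 bulletin; confirm it
# against the bulletin itself before relying on it.
REQUIRED_LEVEL="2025-05-01"

# Print a YYYY-MM-DD level as the integer YYYYMMDD, or fail if malformed.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | sed 's/-//g' ;;
        *) return 1 ;;
    esac
}

# patch_status DEVICE_LEVEL REQUIRED_LEVEL -> patched | outdated | unknown
patch_status() {
    dev=$(level_to_int "$1") || { echo unknown; return 0; }
    req=$(level_to_int "$2") || { echo unknown; return 0; }
    if [ "$dev" -ge "$req" ]; then echo patched; else echo outdated; fi
}

# Read "serial vendor patch_level" lines on stdin and print every device
# that is not confirmed patched, as "serial status". A missing or malformed
# level is reported as unknown rather than silently treated as patched.
audit_inventory() {
    while read -r serial vendor level; do
        [ -n "$serial" ] || continue
        status=$(patch_status "$level" "$1")
        [ "$status" = patched ] || printf '%s %s\n' "$serial" "$status"
    done
}

# Constructed sample inventory (serials and levels are made up).
SAMPLE_INVENTORY='DEV0001 pixel 2025-05-05
DEV0002 samsung 2025-04-01
DEV0003 xiaomi 2025-03-01
DEV0004 other n/a'

sample_report() {
    printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory "$REQUIRED_LEVEL"
}
```

In practice the inventory lines would come from an MDM export or from running `adb shell getprop ro.build.version.security_patch` against each device.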
Source: Google