
Google releases monthly security updates for Android, with fixes for 46 security flaws.
Among them is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that can lead to local code execution without the need for additional execution privileges.
“The most serious of these issues is a high security vulnerability in the System component that can lead to local code execution without the need for additional execution privileges,” Google said in its advisory Monday. “Exploitation doesn’t require user interaction.”
CVE-2025-27363 is rooted in FreeType, the open-source font rendering library. It was first disclosed by Facebook in March 2025 and has been exploited in the wild.

The flaw is described as an out-of-bounds write that can result in code execution when parsing TrueType GX and variable font files. The issue has been fixed in FreeType versions above 2.13.0.
“There are indications that CVE-2025-27363 may be limited to targeted exploitation,” Google admitted in a security bulletin. The exact details of the attack are currently unknown.
Google's update also resolves eight other flaws in the Android System component and 15 flaws in the Framework module.
“The exploitation of many issues on Android will be more difficult due to the enhancement of new versions of the Android platform,” the company said. “We recommend that all users update to the latest version of Android if possible.”