this post was submitted on 07 May 2025
14 points (100.0% liked)

Android

19000 readers
83 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 2 years ago
MODERATORS
ijeff
ladfrombrad
Paradox
multimoon
mikestevens
Devgard@lemmy.world
limerod@reddthat.com
Netrunner
14
Android May 2025 Security Update Fixes Actively Exploited FreeType Zero-Day (cyberinsider.com)
submitted 4 days ago by limerod@reddthat.com to c/android
0 comments fedilink hide all child comments
 

The zero-day, tracked as CVE-2025-27363, resides in the System component and stems from a memory handling bug in FreeType — an open-source library widely used for font rendering. The flaw allows for local code execution without requiring additional privileges or user interaction. According to Facebook’s security team, which first disclosed details about the vulnerability in March 2025, attackers can exploit the issue through malformed TrueType GX or variable font files, leading to heap buffer overflows and potentially arbitrary code execution. While the vulnerability was fixed in FreeType 2.13.0 over two years ago, older versions remain embedded in many Android builds and third-party software, making the risk of exploitation significant.

Google has acknowledged signs of limited, targeted exploitation of CVE-2025-27363 in the wild, reinforcing the urgency for users and OEMs to apply the update. Devices patched with the 2025-05-05 security level will receive a fix for this vulnerability, along with all other patches from earlier levels.

Beyond the zero-day, the May 2025 bulletin addresses over 40 high-severity vulnerabilities affecting Android components such as the Framework, System, kernel, and key third-party hardware modules from Arm, MediaTek, Qualcomm, and Imagination Technologies.

Android device manufacturers are expected to incorporate these fixes into their firmware. Devices running Android 10 and later will receive some of these patches through Google Play system updates, covering components like the Wi-Fi stack, Permission Controller, and Documents UI. However, it is recommended that users of older models move to a newer device running Android version 13 or later. For some models, third-party Android distributions like GrapheneOS and LineageOS exist, which might provide security in aging devices.

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here