Particle.news
Download on the App Store
3 ARTICLES
·
last mo.

Google Patches Actively Exploited Android Zero-Day in May 2025 Security Update

The May updates address 46 high-risk vulnerabilities, but OEM delays and unsupported devices leave users exposed.

Image
Image
Image

Overview

  • Google's May 2025 Android Security Bulletin includes two patch levels, addressing 24 AOSP vulnerabilities and 22 hardware/kernel flaws, all rated high risk.
  • An actively exploited zero-day vulnerability, CVE-2025-27363, has been patched, but targeted attacks on Android 13 and 14 continue to exploit high-risk system flaws.
  • OEMs like Samsung and LG have started rolling out updates, but Pixel users await a delayed, device-specific security bulletin from Google.
  • Android 12 devices no longer receive security updates following the end of support in March 2025, increasing risks for users still on older versions.
  • Google Play Mainline is delivering some patches to unsupported devices, but fragmentation in update distribution leaves many users vulnerable.