Overview

• Google's May 2025 security bulletin patches CVE-2025-27363, a zero-click FreeType vulnerability actively exploited in targeted attacks since March.
• The flaw enables attackers to execute arbitrary code and gain full system control without requiring user interaction or elevated privileges.
• While Pixel devices are receiving updates immediately, other Android users must wait for their device manufacturers to release the patches.
• Devices running Android 12 or older remain unsupported and vulnerable, with users encouraged to upgrade or explore third-party solutions.
• The update also fixes multiple high-severity vulnerabilities in Android Framework, System, and proprietary components from MediaTek, Qualcomm, and others.