Vulnerability Management, Patch/Configuration Management

Dozens of Android security flaws addressed by Google

Google has issued fixes for 47 Android vulnerabilities as part of this month's security update, one of which has already been leveraged by threat actors, CyberScoop reports.

Exploitation of the high-severity out-of-bounds write issue in versions 2.13.0 and earlier of the FreeType software library, tracked as CVE-2025-27363, could lead to arbitrary code execution, according to Facebook, which identified and reported the security flaw in March. Google also addressed 24 high-severity bugs in the Android framework and system, which could be exploited for privilege escalation, remote and local code execution, denial of service, and information leakage. Another patch released by Google includes remediations for 11 issues affecting Qualcomm components, nine bugs impacting Imagination Technologies components, a pair of high-severity flaws in Arm components, and a vulnerability in MediaTek components. Source code fixes for all of the vulnerabilities will be published in the Android Open Source Project repository by Wednesday.
