In its most recent security bulletin, Google has announced important updates that rectify 46 security vulnerabilities impacting Android devices. Among these is a critical zero-day vulnerability found in FreeType, which is reported to be subject to “limited, targeted exploitation.”

This month’s security patch encompasses numerous fixes, primarily targeting elevation of privilege vulnerabilities, alongside some incidents of information disclosure and denial of service, in addition to one remote code execution exploit. All identified issues are classified as high severity. The updates also address flaws related to Qualcomm, MediaTek, Arm, and Imagination Technologies components.

Active Exploit Alert

The zero-day vulnerability being addressed in this update is identified as CVE-2025-27363. This remote code execution flaw affects FreeType, a widely used open-source font rendering library, and opens avenues for attackers to manipulate how specific files are processed by the program. This flaw is applicable to FreeType versions 2.13.0 and earlier, and was initially brought to light by security experts at Facebook in March 2025. Although the vulnerability has been acknowledged, specific exploitation methods remain undisclosed.

What Android Users Should Do

For individuals using Android devices, a notification prompting the installation of the latest security updates should appear shortly. Google directs patches to Pixel smartphones and the core Android Open Source Project (AOSP) code. In general, other manufacturers like Samsung, Motorola, and Nokia follow suit by issuing updates within a similar timeframe.

This month’s patch is applicable to AOSP versions 13, 14, and 15, with specific updates released on 2025-05-01 and 2025-05-05 (the latter addressing all identified vulnerabilities). It is important to note that Google has discontinued support for Android 12 as of March 31, which means devices running this version and earlier will no longer receive security updates, even if they could be vulnerable.

If it’s uncertain whether your device has been updated, users can verify available updates by navigating to Settings > Security & Privacy > System & Updates > Security Update and follow the necessary prompts to download and install them.