Google’s Android Update—Bad News For Millions Of Samsung Owners

Android is under attack — again. Google has confirmed another active exploit has been fixed in this month’s security release, with a vulnerability discovered by Meta earlier in the year caught attacking Android phones. Update as soon as you can.

Meta describes CVE-2025-27363 is “an out of bounds” memory vulnerability in FreeType font rendering software that “may result in arbitrary code execution” and which “may have been exploited in the wild.” Clearly that’s the case.

As ever, further details are restricted for the time being, giving users time to patch. Albeit Meta’s disclosure was in March, and so the timing of this update is interesting. Google says, “source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours.”

ForbesThis Apple Update Completely Changes Your iPhone—Do Not Use ItBy Zak Doffman

Google also says that “the most severe” issue patched this month “is a high security vulnerability in the System component,” likely CVE-2025-27363, which “could lead to local code execution with no additional execution privileges needed.”

Ordinarily I would note that Pixels will get these critical updates almost immediately, with Samsungs potentially waiting for the same. The Galaxy-maker’s own monthly security release is not yet available, and so it’s not yet clear if this is included or not.

But the twist with this vulnerability is that it has been fixed for Android 13 and 14 but not 15. That means it is already fixed or doesn’t apply to the newer OS. As such, most Pixel owners don’t need to worry as they will already have upgraded to Android 15. While Samsung has finally released its One UI 7 firmware to bring Android 15 to its phones, millions of eligible users are yet to upgrade and that process is ongoing.

ForbesDo Not Open This PDF On A Microsoft Windows PCBy Zak Doffman

As such, those Galaxy owners are still running an affected version of the OS and this latest open vulnerability is bad news for those users in particular, given Android 15 delays and the trail of Android exploits triggering warnings and updates this year.

Google’s beta software for Android 16 suggests more security enhancements to come, including its lauded Advanced protection Mode that will better secure phones against attack. This is well timed, given an almost monthly cadence of patched exploits.

Samsung owners should upgrade to One UI 7 / Android 15 as soon as it’s available, given it brings a raft of other security and privacy upgrades. And whatever version of Android you’re running, make sure you apply May’s security update ASAP as well.