If you have an Android phone in your pocket, it has been advised that you dive into your settings today and see if you have a software update waiting to install. That's because Google has just released its monthly security upgrade for Android devices, and this one fixes a vulnerability that a security expert has said is being "actively exploited" by hackers.
"The latest Android Security Bulletin contains a fix for an actively exploited vulnerability, CVE-2025-27363, therefore we advise all Android users to update their devices immediately," said Adam Boynton, Senior Security Strategy Manager EMEIA at security firm Jamf.
Google, the maker of Android, releases monthly security bulletins on the official Android website to coincide with monthly security updates for Android phones. While Google provides these bug-fixing patches for its Pixels in a timely manner, it's up to other Android manufacturers to send them out to their devices, so if you have a OnePlus, Xiaomi or other Android phone, you might not yet have the free update waiting to install.
The most worrying bug "may be under limited, targeted exploitation", which means it's best to install the new update as soon as possible.
"The fixed bug is an out-of-bounds memory vulnerability in the FreeType software," Jamf's Boynton explained. "FreeType is a core component of Android devices because it renders fonts and is therefore an attractive target for cybercriminals. Exploiting the vulnerability could allow an attacker to gain control of the entire system without requiring elevated privileges."
Android phones have varying levels of support. Most Pixel phones are now supported for seven years from release by Google, and Samsung offers the same for its most expensive phones. But support has not always been this good, and your phone may not still be receiving software updates from the manufacturer.
If you're still getting updates regularly, keep an eye on the software update section of your settings app in the coming days to see if you've got a package ready to install.
"Although this is a targeted attack, most likely targeting high-value individuals, we strongly recommend that all users update their Android OS," Boynton said. "The bug has been exploited since March, and its zero-click nature means that criminals can exploit the vulnerability without the user even being aware."
Even if your phone no longer receives free updates, it is unlikely you'll be personally targeted by criminals via this particular bug. Nevertheless, you might want to consider getting a new phone in the long term, paying close attention to how long it'll get software updates for.
New Android phones that get seven years of updates include the Samsung Galaxy S25, S25 Plus and S25 Ultra, as well as the Honor Magic 7 Pro. Older phones such as the Pixel 8 and Galaxy S24 also benefit from this generous perk.