System component in Android 13 and 14 allows malicious code to pass through

Attackers can attack Android devices via several security vulnerabilities. Updates are available for supported smartphones and tablets.

Google's Android operating system can be attacked in versions 13, 14 and 15 due to vulnerabilities. Among other things, attackers can gain higher user rights as a result. In the worst case, malicious code can get onto devices and compromise them completely.

In an article, the Android developers classify a system vulnerability (CVE-2025-27363, risk "high") in Android 13 and 14 as the most dangerous. Attackers without specific user rights can use this vulnerability to execute malicious code in an unspecified way. No user interaction is required for this.

In addition, the system can be attacked via other vulnerabilities, allowing malicious actors to acquire higher rights (e.g. CVE-2025-26420, risk "high") or access information that is supposed to be sealed off (CVE-2025-35657, "high"). Here too, it is currently unclear how such attacks could take place in detail.

Security patches also close several gaps in the framework. Google Play components have also been secured. Various components from Arm, Imagination Technologies, MediaTek and Qualcomm have also received security updates. These include a kernel vulnerability (CVE-2025-45580, "high").

The patch levels 2025-05-01 and 2025-05-05, in which the developers have closed the security gaps, are now available for devices currently in support. In addition to Google, LG and Samsung also provide monthly security updates for selected devices for download (see box).

So far there have been no reports of ongoing attacks. However, this could change quickly. As a result, users should update their devices promptly to prevent attacks.

Android Patch Day

In addition to Google, other manufacturers also regularly publish security patches, but usually only for some product series. Devices from other manufacturers receive the updates considerably later or, in the worst case, not at all.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.