Starting March 27, 2025, we recommend using android-latest-release instead of aosp-main to build and contribute to AOSP. For more information, see Changes to AOSP.
Stay organized with collections
Save and categorize content based on your preferences.
Published April 7, 2025
The Wear OS Security Bulletin contains details of security vulnerabilities
affecting the Wear OS platform.
The full Wear OS update comprises the security patch level of 2025-04-05 or later from the
April 2025
Android Security Bulletin in addition to all issues in this bulletin.
We encourage all customers to accept these updates to their devices.
Announcements
There are no Android Wear OS security patches in the April 2025 Android Wear
OS Update Bulletin.
Common questions and answers
This section answers common questions that may occur after reading this
bulletin.
1. How do I determine if my device is updated to address these
issues?
Security patch levels of 2025-04-01 or later address all issues associated with the 2025-04-01 security patch level.
Device manufacturers that include these updates should set the patch string level to:
[ro.build.version.security_patch]:[2025-04-01]
For some devices on Android 10 or later, the Google Play system update
will have a date string that matches the 2025-04-01
security patch level.
Please see this article for more details on how to install
security updates.
2. What do the entries in the Type column mean?
Entries in the Type column of the vulnerability details table
reference the classification of the security vulnerability.
Abbreviation
Definition
RCE
Remote code execution
EoP
Elevation of privilege
ID
Information disclosure
DoS
Denial of service
N/A
Classification not available
3. What do the entries in the References column mean?
Entries under the References column of the vulnerability details
table may contain a prefix identifying the organization to which the reference
value belongs.
Prefix
Reference
A-
Android bug ID
QC-
Qualcomm reference number
M-
MediaTek reference number
N-
NVIDIA reference number
B-
Broadcom reference number
U-
UNISOC reference number
4. What does an * next to the Android bug ID in the References
column mean?
Issues that are not publicly available have an * next to the corresponding
reference ID. The update for that issue is generally contained in the latest
binary drivers for Pixel devices available from the
Google Developer site.
5. Why are security vulnerabilities split between this bulletin and
device / partner security bulletins, such as the
Pixel bulletin?
Security vulnerabilities that are documented in this security bulletin are
required to declare the latest security patch level on Android
devices. Additional security vulnerabilities that are documented in the
device / partner security bulletins are not required for
declaring a security patch level. Android device and chipset manufacturers
may also publish security vulnerability details specific to their products,
such as
Google,
Huawei,
LGE,
Motorola,
Nokia, or
Samsung.
Versions
Version
Date
Notes
1.0
April 7, 2025
Bulletin published
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2025-06-02 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-06-02 UTC."],[],[],null,["# Wear OS Security Bulletin—April 2025\n\n*Published April 7, 2025*\n\n\nThe Wear OS Security Bulletin contains details of security vulnerabilities\naffecting the Wear OS platform.\nThe full Wear OS update comprises the security patch level of 2025-04-05 or later from the\n[April 2025\nAndroid Security Bulletin](/docs/security/bulletin/2025-04-01) in addition to all issues in this bulletin.\n\n\nWe encourage all customers to accept these updates to their devices.\n| **Note**: Please contact your device supplier for device firmware images.\n\nAnnouncements\n-------------\n\n- There are no Android Wear OS security patches in the April 2025 Android Wear OS Update Bulletin.\n\nCommon questions and answers\n----------------------------\n\nThis section answers common questions that may occur after reading this\nbulletin.\n\n**1. How do I determine if my device is updated to address these\nissues?**\n\nTo learn how to check a device's security patch level, read the instructions on the\n[Google device update schedule](https://support.google.com/android/answer/7680439).\n\nSecurity patch levels of 2025-04-01 or later address all issues associated with the 2025-04-01 security patch level.\n\nDevice manufacturers that include these updates should set the patch string level to:\n\n- \\[ro.build.version.security_patch\\]:\\[2025-04-01\\]\n\nFor some devices on Android 10 or later, the Google Play system update\nwill have a date string that matches the 2025-04-01\nsecurity patch level.\nPlease see [this article](https://support.google.com/android/answer/7680439) for more details on how to install\nsecurity updates.\n\n\n**2. What do the entries in the *Type* column mean?**\n\nEntries in the *Type* column of the vulnerability details table\nreference the classification of the security vulnerability.\n\n| Abbreviation | Definition |\n|--------------|------------------------------|\n| RCE | Remote code execution |\n| EoP | Elevation of privilege |\n| ID | Information disclosure |\n| DoS | Denial of service |\n| N/A | Classification not available |\n\n\n**3. What do the entries in the *References* column mean?**\n\nEntries under the *References* column of the vulnerability details\ntable may contain a prefix identifying the organization to which the reference\nvalue belongs.\n\n| Prefix | Reference |\n|--------|---------------------------|\n| A- | Android bug ID |\n| QC- | Qualcomm reference number |\n| M- | MediaTek reference number |\n| N- | NVIDIA reference number |\n| B- | Broadcom reference number |\n| U- | UNISOC reference number |\n\n\n**4. What does an \\* next to the Android bug ID in the *References*\ncolumn mean?**\n\nIssues that are not publicly available have an \\* next to the corresponding\nreference ID. The update for that issue is generally contained in the latest\nbinary drivers for Pixel devices available from the\n[Google Developer site](https://developers.google.com/android/drivers).\n\n**5. Why are security vulnerabilities split between this bulletin and\ndevice / partner security bulletins, such as the\nPixel bulletin?**\n\nSecurity vulnerabilities that are documented in this security bulletin are\nrequired to declare the latest security patch level on Android\ndevices. Additional security vulnerabilities that are documented in the\ndevice / partner security bulletins are not required for\ndeclaring a security patch level. Android device and chipset manufacturers\nmay also publish security vulnerability details specific to their products,\nsuch as\n[Google](/docs/security/bulletin/pixel),\n[Huawei](https://consumer.huawei.com/en/support/bulletin/),\n[LGE](https://lgsecurity.lge.com/security_updates_mobile.html),\n[Motorola](https://motorola-global-portal.custhelp.com/app/software-security-page/g_id/6806),\n[Nokia](https://www.nokia.com/phones/en_int/security-updates), or\n[Samsung](https://security.samsungmobile.com/securityUpdate.smsb).\n\nVersions\n--------\n\n| Version | Date | Notes |\n|---------|---------------|--------------------|\n| 1.0 | April 7, 2025 | Bulletin published |"]]
