Home
Mobiles
Mobiles News
CERT In Urges Android Users to Update Smartphones After Google Patches Critical Dolby Vulnerability

CERT-In Urges Android Users to Update Smartphones After Google Patches Critical Dolby Vulnerability

The Zero-Click Dolby Digital Plus vulnerability was first reported in October 2025.

Written by Dhruv Raghav, Edited by David Delima | Updated: 14 January 2026 18:15 IST

CERT-In Urges Android Users to Update Smartphones After Google Patches Critical Dolby Vulnerability

Photo Credit: Unsplash/ Daniel Romero

CERT-In said that the issue was exploited to target individuals and organisations using Android phones.

Click Here to Add Gadgets360 As A Trusted Source

Highlights

Google fixed the Dolby vulnerability earlier this month
The issue allowed bad actors to gain remote access to devices
The Dolby vulnerability was termed Zero-Click

Android smartphone owners have been advised by the Indian Computer Emergency Response Team (CERT-In) to download the latest Android update on their handsets. The latest security update from Google fixes a “critical” security flaw related to the Dolby audio bug. First discovered in October 2025, the “Zero-Click” Dolby Digital Plus (DD+) Unified Decoder vulnerability gave unauthorised access to bad actors, who were then able to execute code from their systems. The issue reportedly also impacted Windows devices. With its January security patch, Google has fixed the issue that put the privacy of many Android users at risk.

Why CERT-In Is Urging Android Users to Update Their Smartphones

In its advisory note CIVN–2026-0016, which was issued on Wednesday, the cybersecurity watchdog has advised Android users to download the latest OS update, which patches the “critical” Dolby DD+ Unified Decoder security vulnerability on the phones. CERT-In warned that the said vulnerability could be exploited by hackers and other bad actors to execute “arbitrary” code on the targeted device remotely. Hackers can potentially corrupt the memory systems of the devices of organisations and individuals.

In its January 5 security bulletin, Google announced that its latest January security patch fixes the Dolby components-related vulnerability that was first reported in October 2025. The tech giant, while acknowledging the issue, said that the severity assessment was provided by Dolby.

Here’s How Much the Motorola Signature Could Cost in India

Additionally, Dolby also issued a security advisory, detailing that an “out-of-bound” write within Dolby's DD+ Unified Decorder version 4.5 and 4.13 could occur while processing a “unique” DD+ bistream. The company also said that it was aware that this particular bug can potentially be exploited to remotely execute code on certain Google Pixel models and other Android devices.

However, at the time of issuing the security advisory, Dolby claimed that the risk of the bug being used for malicious purposes was low. It added that the bug was “most commonly” observed to result in a media player crash or restart.

In October 2025, Google's Project Zero, a group of security researchers, discovered that the Dolby DD+ Unified Decoder bug could be exploited for executing code on an Android device remotely. The researchers dubbed it a zero-click exploit, as it could be run by bad actors without requiring the victim to click on a link or open a media file.

Comments

Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.

Further reading: Android, Google, Cybersecurity, CERT In

Dhruv Raghav

Email Dhruv Raghav

Dhruv Raghav is currently working as a Senior Sub Editor at Gadgets360. He has previously covered the North American financial markets as a Headline News Correspondent for a major news agency. After taking a sabbatical to prepare for the Civil Services examination, he returned to journalism to cover tech policy, with a special focus on AI laws and online gaming regulation. Now, he is back in Gadgets360 to write features and edit stories. To unwind, he likes to spend time with his PS5, listening ...More