CERT-In Urges Android Users to Update Smartphones After Google Patches Critical Dolby Vulnerability

The Zero-Click Dolby Digital Plus vulnerability was first reported in October 2025.

Advertisement
Written by Dhruv Raghav, Edited by David Delima | Updated: 14 January 2026 18:15 IST
Highlights
  • Google fixed the Dolby vulnerability earlier this month
  • The issue allowed bad actors to gain remote access to devices
  • The Dolby vulnerability was termed Zero-Click

CERT-In said that the issue was exploited to target individuals and organisations using Android phones.

Photo Credit: Unsplash/ Daniel Romero

Android smartphone owners have been advised by the Indian Computer Emergency Response Team (CERT-In) to download the latest Android update on their handsets. The latest security update from Google fixes a “critical” security flaw related to the Dolby audio bug. First discovered in October 2025, the “Zero-Click” Dolby Digital Plus (DD+) Unified Decoder vulnerability gave unauthorised access to bad actors, who were then able to execute code from their systems. The issue reportedly also impacted Windows devices. With its January security patch, Google has fixed the issue that put the privacy of many Android users at risk.

Why CERT-In Is Urging Android Users to Update Their Smartphones

In its advisory note CIVN–2026-0016, which was issued on Wednesday, the cybersecurity watchdog has advised Android users to download the latest OS update, which patches the “critical” Dolby DD+ Unified Decoder security vulnerability on the phones. CERT-In warned that the said vulnerability could be exploited by hackers and other bad actors to execute “arbitrary” code on the targeted device remotely. Hackers can potentially corrupt the memory systems of the devices of organisations and individuals.

Advertisement

In its January 5 security bulletin, Google announced that its latest January security patch fixes the Dolby components-related vulnerability that was first reported in October 2025. The tech giant, while acknowledging the issue, said that the severity assessment was provided by Dolby.

Additionally, Dolby also issued a security advisory, detailing that an “out-of-bound” write within Dolby's DD+ Unified Decorder version 4.5 and 4.13 could occur while processing a “unique” DD+ bistream. The company also said that it was aware that this particular bug can potentially be exploited to remotely execute code on certain Google Pixel models and other Android devices.

Advertisement

However, at the time of issuing the security advisory, Dolby claimed that the risk of the bug being used for malicious purposes was low. It added that the bug was “most commonly” observed to result in a media player crash or restart.

In October 2025, Google's Project Zero, a group of security researchers, discovered that the Dolby DD+ Unified Decoder bug could be exploited for executing code on an Android device remotely. The researchers dubbed it a zero-click exploit, as it could be run by bad actors without requiring the victim to click on a link or open a media file.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Further reading: Android, Google, Cybersecurity, CERT In
Advertisement

Related Stories

Popular Mobile Brands
  1. Redmi Note 17 Pro Launched With Snapdragon 6s Gen 4 and 9,000mAh Battery
  2. HMD Asha 505 Render Leaked Revealing Lumia 830-Like Design
  3. OnePlus Is Reportedly Preparing to Withdraw From These Two Markets
  4. StepFun Unveils StepX Neo as World's First Agentic Smartphone
  5. Realme C100x India Launch Date Announced; Here's How Much It Might Cost
  6. Nvidia's GeForce Now Cloud Gaming Service Is Finally Available in India
  7. Redmi Note 17 With an 8,000mAh Battery Debuts at This Price
  1. Huawei Pura 90s Pro, Pura 90s Pro Max Launched With Kirin 9030S Chip, 6,000mAh Batteries: Price, Features
  2. Redmi Note 17 Launched With 8,000mAh Battery, 50-Megapixel Rear Camera: Price, Specifications
  3. UK Tokenisation Drive May Boost Annual Output by $44 Billion: Report
  4. Redmi Note 17 Pro Launched With Snapdragon 6s Gen 4 and 9,000mAh Battery: Price, Features
  5. Japan’s SBI VC Trade Expands Stablecoin Services With 3 Percent Lending Yield
  6. Meta Pulls Muse AI Image Feature Less Than a Week After User Backlash Highlights Privacy Risks
  7. HMD Asha 505 Surfaces Online With Lumia-Inspired Design, 5-Inch Display in New Leaked Renders
  8. Honor Robot Phone Leak Reveals Key Specifications Ahead of Long-Awaited Debut
  9. Acer Aspire 3 (2026) Launched in India With Up to 15.6-Inch Display, Intel Celeron N4500 Processor: Price, Features
  10. Realme C100x India Launch Date Announced; Leaked Image of Retail Box Hints at Price in India
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.