.jpeg)
CERT-In Issues Alert on Critical Dolby Audio Bug, Urges Android Users to Update
The Indian Computer Emergency Response Team (CERT-In) has advised Android phone users to download the latest Android update. This update fixes a "critical" security flaw related to the Dolby Audio bug. Let's find out the details.
The Indian Computer Emergency Response Team, or CERT-In, has recommended that owners of Android smartphones update their devices to the latest version of Android available on their phones. The recent security update from Google has patched a “critical" vulnerability related to a bug in Dolby Audio. The “zero-click" Dolby Digital Plus (DD+) Unified Decoder bug allowed attackers to gain “unauthorized access" and “run code on their systems." The bug was first identified in October 2025. According to reports, this issue also affected Windows devices. With its January security patch, Google has fixed an issue that had compromised the privacy of many Android users.
With its advisory note titled CIVN-2026-0016, which was released on Wednesday, the cybersecurity agency urged its users running the Android OS to download the latest version of the OS update. The patch repairs a critical vulnerability dubbed Dolby DD+ Unified Decoder in mobile devices, which was exploited by hackers as well as malicious actors to carry out remote arbitrary code execution on targeted devices. Hackers could also compromise the memory systems of organizations or individuals' devices.
In its January 5 security bulletin, Google announced that its latest January security patch fixes a vulnerability related to Dolby components that was first reported in October 2025. The tech giant acknowledged the issue, stating that a severity assessment was provided by Dolby.
In addition, Dolby also issued a security advisory, stating that Dolby's DD+ Unified Decoder versions 4.5 and 4.13 could experience an "out-of-bounds" write when processing a "unique" DD+ bistream. The company also stated that it was aware that this particular bug could be exploited to remotely execute code on some Google Pixel models and other Android devices.
Want to get your story featured as above? click here!
Want to get your story featured as above? click here!
However, when issuing the security advisory, Dolby claimed that the risk of the bug being exploited for malicious purposes was low. It further stated that the bug "most commonly" caused the media player to crash or restart.
In October 2025, Google's Project Zero, a group of security researchers, discovered that a bug in the Dolby DD+ Unified Decoder could be exploited to remotely execute code on Android devices. The researchers called it a zero-click exploit because attackers could execute it without the victim clicking on a link or opening a media file.
