Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks

A critical vulnerability in Dolby’s Unified Decoder allows for remote code execution through malicious audio messages, affecting Android, macOS, and iOS devices. Multiple security patches have been issued by Dolby, Google, and Microsoft to address this flaw. #DolbyUnifiedDecoder #CVE-2025-54957

Key points

  • The vulnerability is caused by an out-of-bounds write that occurs while decoding evolution data.
  • The flaw enables remote code execution without user interaction on Android devices.
  • Proof-of-concept code demonstrates successful exploitation leading to process crashes.
  • Dolby reported the issue to security agencies, with patches released by Google and Microsoft.
  • Exploitation on Windows requires user interaction, unlike on Android, due to system differences.

Read More: https://www.securityweek.com/vulnerability-in-dolby-decoder-can-allow-zero-click-attacks/