The January 2026 Android update addresses a critical vulnerability (CVE-2025-54957) in the Dolby audio decoder that could enable remote code execution without user interaction. This flaw, exploited through specially crafted media files, affects multiple devices and has been patched by Google in December 2025. #CVE-2025-54957 #DolbyDigitalPlus
Keypoints
- The vulnerability impacts the Dolby Digital Plus (DD+) Unified Decoder in Android devices.
- Exploiting the flaw can cause crashes, restarts, or remote code execution without user interaction.
- Google discovered and reported the issue, releasing a patch in December 2025 via the January update.
- The flaw was publicly detailed in October 2025, gaining media attention and patches from Microsoft as well.
- Devices affected include Pixel phones, Samsung S24, MacBook Air M1, and iPhone 17 Pro.
Read More: https://www.securityweek.com/critical-dolby-vulnerability-patched-in-android/