The Indian Computer Emergency Response Agency (CERT-In) has just issued a cybersecurity warning urging Android smartphone users to install the latest system update as soon as possible, after Google patched a serious vulnerability related to Dolby audio software.
According to CERT-In, the vulnerability exists in the Dolby Digital Plus (DD+) Unified Decoder, a component integrated into many Android devices.
The problem was discovered by security researchers in October 2025 and is assessed as high risk because it can be exploited remotely.
In its official advisory, CERT-In states that the vulnerability allows attackers to gain unauthorized access to affected devices and, in some cases, to execute commands remotely without any action by the user.
This means a phone may be compromised without the owner's knowledge, leading to disrupted operation or to the leak or destruction of data stored on the device.
Google has confirmed the issue in the January Android security bulletin and released a patch in the security update package. CERT-In emphasizes that this recommendation applies to all Android users, from individuals to organizations, as the Dolby decoder is a popular component in the Android ecosystem.
Explaining the technical cause, Dolby said that some specific versions of the DD+ Unified Decoder, including versions 4.5 and 4.13, can write data beyond the allowed memory area when processing certain audio streams.
This out-of-bounds write can be exploited to take control of the device, and it affects some Google Pixel models and many other Android phones.
Security researchers from Google's Project Zero group, the unit that discovered the vulnerability, said that the most dangerous aspect of the issue is that the attacker does not need to get users to click on links or open malicious multimedia files.
Exploitation can take place completely automatically, making it very difficult for users to recognize that the device is being attacked.
Dolby said that in the recorded cases, this error mainly causes multimedia applications to hang or restart automatically, and no signs of widespread exploitation have been detected.
However, CERT-In warns users not to be complacent, because such vulnerabilities are often quickly exploited by attackers after technical information is released.
To minimize risk, CERT-In recommends that users check for updates in the system settings and immediately install the latest software version provided by the manufacturer.
At the same time, users should turn on automatic updates to ensure important security patches are installed promptly in the future.