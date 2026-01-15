CERT-In flags Dolby audio bug, urges Android users to install the latest patch
Android users may face potential risks from this flaw. CERT-In urges immediate updates after Google releases a security patch to prevent remote exploits.
India’s cyber security agency has asked Android smartphone users to install the latest system updates after Google addressed a security issue linked to Dolby audio software. The Indian Computer Emergency Response Team, known as CERT-In, issued the advisory after Google released its January security patch to fix the problem.
According to CERT-In, the flaw affected the Dolby Digital Plus Unified Decoder used in many Android devices. The issue first came to light in October 2025 and allowed unauthorised access to affected systems. In some cases, attackers could run commands on a device without the user taking any action. Reports also indicated that the same weakness affected some Windows systems.
Google included a fix for the Dolby-related issue in its January update. CERT-In said users should apply the update as soon as it becomes available for their devices to reduce the risk of misuse. The advisory applies to all Android users, including individuals and organisations.
How the Dolby Issue Could Affect Users
In its notice, CERT-In explained that attackers could use the flaw to run commands on a targeted device from a remote location. Such access could allow interference with the normal functioning of the phone and could also affect stored data. The agency warned that memory systems could face disruption if the issue remained unpatched.
Google confirmed in its January 5 security bulletin that the update resolves the problem in Dolby-related components. The company said Dolby provided the assessment of the issue. Following this, Dolby released its own advisory explaining the technical cause.
Dolby stated that certain versions of its DD+ Unified Decoder, including versions 4.5 and 4.13, could write data outside the allowed memory area when processing specific audio streams. This behaviour could allow attackers to gain control over affected devices, including some Google Pixel models and other Android phones.
Findings by Security Researchers
Security researchers from Google’s Project Zero team identified the flaw in October 2025. They found that attackers could trigger the issue without asking users to click links or open media files. This made detection difficult, as the process did not require user interaction.
Dolby noted that, in many observed cases, the issue caused media applications to stop or restart. The company said it had not seen wide misuse at the time of its advisory. Still, CERT-In stressed that users should not ignore the risk.
The agency urged users to check for updates through their device settings and install the latest version provided by their phone makers. It also advised users to keep automatic updates enabled to receive future security fixes without delay.