Patchday: Dolby Digital security vulnerability in Android closed
Android devices are vulnerable to a zero-click attack. This security issue has now been resolved.
When attackers manage to deliver a specially crafted audio file to a victim's Android device, it can lead to errors and crashes. Merely receiving such a file can cause problems, because Android decodes audio messages locally for transcription, which enables a zero-click attack. The vulnerability has been known since October of last year and has already been closed in Windows, among other systems. Now the security update is also available for Android devices.
Is the vulnerability critical in Android?
The vulnerability (CVE-2025-54957, “medium”) affects the processing of Dolby Digital Plus bitstreams. If attackers manipulate such audio files, the result is a memory error, which in turn causes crashes. Memory errors of this kind can often also be used to get malicious code onto systems. Whether that is possible in this case is currently unclear. There are no reports so far of attackers exploiting the vulnerability.
Security researchers from Google's Project Zero discovered the vulnerability. Since then, there have also been security updates for Windows and other systems. Because Android decodes audio messages locally for transcription, a zero-click attack is possible: the mere reception of a prepared audio file can cause damage without any action by the victim. This is evidently also why the Android developers classify the vulnerability as “critical” in a warning message.
Anyone who owns an Android device that is still supported should ensure that the current patch level 2026-01-05 is installed. This can be checked in the settings. In addition to Google, Samsung (see box) and others also provide monthly security updates for selected devices for download.
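For more than one device, the same patch-level check can be scripted. The following is an added example, not part of the original article: it reads the standard Android property `ro.build.version.security_patch` over adb and compares it with the level named above; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag devices whose security patch level predates 2026-01-05.
REQUIRED_LEVEL="2026-01-05"

# Succeeds only for a well-formed YYYY-MM-DD string.
is_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# classify LEVEL: prints "patched", "outdated" or "unknown".
# ISO dates compare correctly as integers once the dashes are dropped.
classify() {
    is_patch_level "$1" || { echo unknown; return; }
    have=$(printf '%s' "$1" | tr -d '-')
    need=$(printf '%s' "$REQUIRED_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo patched; else echo outdated; fi
}

# Read the level from an attached device (needs adb and USB debugging).
# Not called below, so the example runs without a device.
device_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r'
}

# audit: reads "serial level" lines on stdin and prints every device that
# is not confirmed patched, including ones that reported no level at all.
audit() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify "$level")
        [ "$status" = patched ] || printf '%s %s %s\n' "$serial" "${level:--}" "$status"
    done
}

# Constructed sample inventory (serials and levels are made up).
sample_inventory() {
    cat <<'EOF'
emulator-5554 2026-01-05
R58N000AAA 2025-12-01
PIXEL0001 2026-02-01
TABLET77
OLDPHONE9 2025-12-05
EOF
}

sample_inventory | audit
```

For a live device, `classify "$(device_patch_level SERIAL)"` gives the same verdict; a device that reports no level is listed as unknown rather than assumed patched.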
Since July 2025, Google has only been closing particularly threatening security vulnerabilities monthly. The remaining patches are provided quarterly.
(des)