Overview
- India’s cybersecurity agency published advisory CIVN–2026-0016 on January 14 classifying the flaw as high risk for all Android users.
- The vulnerability stems from a buffer overflow in Dolby Digital Plus decoding that can corrupt memory and enable arbitrary code execution.
- Google’s January 5 security bulletin includes a fix provided by Dolby, with protection delivered via Android security patch level 05-01-2026 or later.
- CERT-In urges users to check device settings for updates from their phone maker and install the latest OS release as soon as it becomes available.
- Dolby and researchers say certain DD+ Unified Decoder versions 4.5 through 4.13 are affected, and some attacks may require no user interaction.