If you use Android smartphone, then this news is very important for you. India’s cyber security agency, CERT-In, has issued an alert to Android users about a serious threat. According to the information, phones can be hacked even without clicking any link or downloading any file. This means that hackers can access the phone without any fault of the user. The good news is that this flaw has been fixed in Google’s latest security update, but it is important that you update your phone immediately.
This dangerous flaw was related to Dolby Audio
This serious security flaw was related to the Dolby Digital Plus Unified decoder. It was first identified in October 2025. The scariest aspect of this bug was that hackers were able to run code on the phone without any interaction. No link, no message, no file – just infiltration of the system. That’s why it was called zero-click vulnerability. Reports also revealed that this problem was not limited to Android only, but could also affect some Windows devices.
Why did CERT-In raise the alarm?
CERT-In has issued an advisory regarding this vulnerability, named CIVN2026-0016. According to the agency, cyber criminals could take advantage of this bug to remotely run arbitrary code on the device. This could damage the phone’s memory and put sensitive data, from personal to office-related information, at risk. CERT-In has clearly said that the easiest and safest way to avoid this threat is to install the latest operating system and security patches on your phone.
Google and Dolby’s response
Google said in its security bulletin released on January 5 that this serious flaw has been completely fixed in the January update. According to the company, the severity of this bug was assessed by Dolby. Dolby said in its advisory that some versions of the DD+ unified decoder had an “out-of-bounds write” vulnerability. Typically, the impact of this flaw was limited to crashing media players, but if misused, the damage could be much worse.
How Project Zero discovered this flaw
This entire matter was exposed by Google’s famous security research team, Project Zero. Researchers said that this was an exploit that did not require any user interaction. It allowed remote code execution on some Pixel and other Android devices. After this discovery, Google took this matter seriously and released a fix in the January security patch. If you are using an Android phone and have not updated yet, then do not delay. A small update can save your phone, data and privacy from a major cyber threat.
