Full Report
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I’ve spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey’s Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric and I reported CVE-2025-54957. This vulnerability is likely in the 0-click attack surface of most Android devices in use today. In parallel, Seth Jenkins investigated a driver accessible from the sandbox the decoder runs in on a Pixel 9, and reported CVE-2025-36934.
Analysis Summary
This summary condenses the actionable intelligence in the report above: the expansion of the 0-click attack surface by AI-driven message analysis on Android, and the audio-decoder vulnerabilities it exposed, with the Dolby Unified Decoder bug as the focus.
***
# Vulnerability: Dolby Unified Decoder (UDC) Arbitrary Code Execution Leading to 0-Click Exploit Chain
## CVE Details
- CVE ID: CVE-2025-54957
- CVSS Score: *Not given in the source. A memory-corruption bug reachable from the network with no user interaction would ordinarily score High or Critical, but no official score is cited.*
- CWE: *Not given in the source.*
## Affected Systems
- Products: Dolby Unified Decoder (UDC) component used in Android, integrated into various devices via vendor binaries (e.g., `libcodec2_soft_ddpdec.so` on Pixel 9).
- Versions: Not stated. Any Android build shipping the UDC component before the fix date should be assumed affected.
- Configurations: Vulnerability is reachable when incoming SMS/RCS audio attachments (Dolby Digital/DD+ formats, AC-3/EAC-3) are automatically decoded by Google Messages without user interaction (0-click surface).
## Vulnerability Description
The vulnerability lies in the Dolby Unified Decoder (UDC) when it processes DD+ (E-AC-3) bitstreams. Each syncframe can carry a skip field whose length, `skipl`, is a 9-bit value, so up to 0x1FF bytes of attacker-controlled data are copied into an internal "skip buffer". The decoder then parses that buffer as Extensible Metadata Delivery Format (EMDF) data, a format whose field widths and lengths depend on previously decoded values (for example the escape codings of `emdf_version` and `key_id`, and the per-payload size fields). Because the structure is driven entirely by attacker-chosen values, a malformed EMDF container can steer the decoder into an out-of-bounds access; the source describes the result as memory corruption without spelling out the exact primitive. The flaw was exploited to gain arbitrary code execution in the `mediacodec` context on a Pixel 9.
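To make the shape of the problem concrete, the following is an added example, written for this summary and not taken from the Dolby code or the Project Zero write-up: a bounds-checked parser for the skip-field/EMDF container structure described above, together with constructed (not captured) sample frames. The field layout (`emdf_sync` 0x5838, a 16-bit container length, the 2/3/5-bit header fields with their `variable_bits` escapes, and `variable_bits(8)` for the payload size) follows my reading of the EMDF syntax and is an assumption; `emdf_payload_config()` is omitted for brevity, and nothing here claims to reproduce the actual CVE-2025-54957 code path. The point is the checks: every length decoded from the stream is validated against both the declared container and the real buffer before it is used.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SKIP_BUF_MAX 0x1FF   /* skipl is 9 bits wide: a skip field holds at most 511 bytes */
#define EMDF_SYNC    0x5838  /* emdf_sync value per my reading of the EMDF syntax (assumption) */

typedef struct { const uint8_t *data; size_t nbits, pos; } bitreader_t;

/* Read n bits MSB-first; false when fewer than n remain. Every length in EMDF
 * is attacker-chosen, so callers must act on this result instead of ignoring it. */
static bool br_read(bitreader_t *br, unsigned n, uint32_t *out) {
    if (n == 0 || n > 32 || br->pos + n > br->nbits) return false;
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++, br->pos++)
        v = (v << 1) | ((br->data[br->pos >> 3] >> (7 - (br->pos & 7))) & 1u);
    *out = v;
    return true;
}

/* variable_bits(n): n-bit chunks, each followed by a read_more flag; when the flag
 * is set the running value is incremented and shifted up by n. Rounds are capped
 * and the accumulator is 64-bit so a crafted stream cannot wrap it. */
static bool br_variable_bits(bitreader_t *br, unsigned n, uint32_t *out) {
    uint64_t value = 0;
    uint32_t chunk, more;
    for (int round = 0; ; round++) {
        if (round == 3) return false;                    /* too many escape rounds: malformed */
        if (!br_read(br, n, &chunk) || !br_read(br, 1, &more)) return false;
        value += chunk;
        if (!more) break;
        value = (value + 1) << n;
    }
    if (value > UINT32_MAX) return false;
    *out = (uint32_t)value;
    return true;
}

typedef struct {
    uint32_t emdf_version, key_id, payload_id, payload_size;
    uint8_t  payload[64];                                /* bounded copy of the first payload */
} emdf_info_t;

/* Parse one skip field: emdf_sync, emdf_container_length, the container header
 * and the first payload descriptor (emdf_payload_config() omitted: simplification). */
static bool parse_emdf_skip_field(const uint8_t *skip, size_t skipl, emdf_info_t *out) {
    bitreader_t br = { skip, skipl * 8, 0 };
    uint32_t v;
    if (skipl > SKIP_BUF_MAX) return false;
    if (!br_read(&br, 16, &v) || v != EMDF_SYNC) return false;
    if (!br_read(&br, 16, &v) || v > skipl - 4) return false;  /* container longer than the skip field */
    br.nbits = (4 + v) * 8;                                     /* and never read past the declared container */
    if (!br_read(&br, 2, &out->emdf_version)) return false;
    if (out->emdf_version == 3) {                               /* escape: value continues in variable_bits(2) */
        if (!br_variable_bits(&br, 2, &v)) return false;
        out->emdf_version += v;
    }
    if (!br_read(&br, 3, &out->key_id)) return false;
    if (out->key_id == 7) {
        if (!br_variable_bits(&br, 3, &v)) return false;
        out->key_id += v;
    }
    if (!br_read(&br, 5, &out->payload_id) || out->payload_id == 0) return false;
    if (out->payload_id == 0x1F) {
        if (!br_variable_bits(&br, 5, &v)) return false;
        out->payload_id += v;
    }
    if (!br_variable_bits(&br, 8, &out->payload_size)) return false;
    /* The two checks an unsafe decoder omits: the declared size must fit the
     * destination buffer and the bytes actually left in the stream. Without
     * them the copy below reads past the skip buffer or writes past payload[]. */
    if (out->payload_size > sizeof out->payload) return false;
    if ((uint64_t)out->payload_size * 8 > br.nbits - br.pos) return false;
    for (uint32_t i = 0; i < out->payload_size; i++) {
        if (!br_read(&br, 8, &v)) return false;
        out->payload[i] = (uint8_t)v;
    }
    return true;
}

typedef struct { uint8_t *buf; size_t cap, pos; } bitwriter_t;

static void bw_put(bitwriter_t *bw, unsigned n, uint32_t v) {
    for (unsigned i = n; i-- > 0; bw->pos++)
        if ((bw->pos >> 3) < bw->cap && ((v >> i) & 1u))
            bw->buf[bw->pos >> 3] |= (uint8_t)(0x80u >> (bw->pos & 7));
}

/* Constructed sample (not a capture): version 0, key_id 0, payload_id 1, then
 * declared_size as one variable_bits(8) chunk and actual_len payload bytes.
 * Returns skipl in bytes. A declared_size that disagrees with actual_len models
 * a crafted frame. */
static size_t build_skip_field(uint8_t *buf, size_t cap, uint32_t declared_size,
                               const uint8_t *payload, size_t actual_len) {
    bitwriter_t bw = { buf, cap, 0 };
    size_t body_bytes = (2 + 3 + 5 + 9 + actual_len * 8 + 7) / 8;
    memset(buf, 0, cap);
    bw_put(&bw, 16, EMDF_SYNC);
    bw_put(&bw, 16, (uint32_t)body_bytes);               /* emdf_container_length */
    bw_put(&bw, 2, 0); bw_put(&bw, 3, 0); bw_put(&bw, 5, 1);
    bw_put(&bw, 8, declared_size & 0xFF); bw_put(&bw, 1, 0);
    for (size_t i = 0; i < actual_len; i++) bw_put(&bw, 8, payload[i]);
    return 4 + body_bytes;
}

/* Build a sample, optionally shrink the skipl handed to the parser so the
 * container length lies, and parse. Returns payload_size, or -1 if rejected. */
int run_case(uint32_t declared_size, size_t actual_len, size_t shrink_skipl) {
    static const uint8_t payload[3] = { 0xAA, 0xBB, 0xCC };  /* constructed, actual_len <= 3 */
    uint8_t buf[SKIP_BUF_MAX];
    emdf_info_t info;
    size_t skipl = build_skip_field(buf, sizeof buf, declared_size, payload, actual_len);
    if (!parse_emdf_skip_field(buf, skipl - shrink_skipl, &info)) return -1;
    if (memcmp(info.payload, payload, actual_len) != 0) return -2;
    return (int)info.payload_size;
}

int main(void) {
    printf("well-formed:            %d\n", run_case(3, 3, 0));    /* 3 */
    printf("size > bytes present:   %d\n", run_case(40, 3, 0));   /* -1 */
    printf("size > destination:     %d\n", run_case(200, 3, 0));  /* -1 */
    printf("container > skip field: %d\n", run_case(3, 3, 2));    /* -1 */
    return 0;
}
```

`parse_emdf_skip_field` is also the shape of function one would wrap in a libFuzzer `LLVMFuzzerTestOneInput` entry point and build with AddressSanitizer: the fuzzer supplies the skip buffer, and any length check that is missing shows up as an out-of-bounds report rather than a silent corruption.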
## Exploitation
- Status: **Proof-of-Concept (PoC) available.** Project Zero built a 0-click exploit chain against the Pixel 9 that uses this vulnerability; Part 1 of their write-up covers it.
- Complexity: **Low/Medium** for code execution inside the decoder process, given the quality of the bug (both a memory-disclosure primitive and a memory-overwrite primitive were demonstrated).
- Attack Vector: **Network** (an incoming SMS/RCS audio attachment), yielding code execution inside the media decoder sandbox (`mediacodec`) with no user interaction.
## Impact
- Confidentiality: High (code execution in `mediacodec` exposes everything that process can read, and is the first stage of a chain aimed at the kernel)
- Integrity: High (arbitrary code execution in the decoder process)
- Availability: High (a crafted message can crash the decoder process at will)
## Remediation
### Patches
- All discussed vulnerabilities (including CVE-2025-54957) were **fixed as of January 5, 2026.** (Specific patch versions are not detailed).
### Workarounds and Mitigations
- No user-side workaround is described; disabling automatic decoding of message attachments is not a setting the source mentions.
- Compile-time mitigation: the source reports that where the UDC binary was built with **`-fbounds-safety`** (a Clang C extension that turns out-of-bounds pointer accesses into traps using bounds annotations such as `__counted_by`), as on Apple's macOS/iOS builds, this specific vulnerability was **not exploitable**. The report suggests this as a general hardening measure for media libraries, which by their nature parse untrusted, length-prefixed data.
## Detection
- **Indicators of Compromise (IoCs):** None are given in the source. Exploitation happens inside the `mediacodec` process while an attachment is decoded, so on-device evidence would be limited to decoder crashes or anomalous behaviour of that process; no message-level signature is described.
- **Detection Methods and Tools:** Bugs of this class are found pre-release rather than in the field. Fuzzing the decoder with bounds instrumentation (AddressSanitizer, or `-fbounds-safety` where the toolchain supports it) turns silent out-of-bounds accesses into crashes, which is how similar bugs in the same surface were found.
## References
- Vendor Advisories: The source states only that all three bugs were fixed as of January 5, 2026; it does not cite specific advisory or bulletin identifiers.
- Relevant Links:
- Project Zero Article: hxxps://projectzero.google/2026/01/pixel-0-click-part-1.html
- Related CVE (Monkey’s Audio): hxxps://project-zero.issues.chromium.org/issues/368695689
- Related CVE (Driver): hxxps://project-zero.issues.chromium.org/issues/426567975
***
## Additional Related Vulnerabilities Context (For Comprehensive Understanding)
The report places the Dolby bug alongside two other findings; only the second of these is part of the Pixel 9 exploit chain:
1. **CVE-2025-49415:** Found earlier in the **Monkey's Audio codec** on Samsung devices. It sits in the same 0-click audio-decoding surface and the review of the Dolby decoder grew out of that research, but it is not used in the Pixel 9 chain.
2. **CVE-2025-36934:** Investigated by Seth Jenkins in a **driver on the Pixel 9** that is reachable from the sandbox the decoder runs in. It is the second stage of the chain, covered in Part 2, used to escalate from the `mediacodec` context to the kernel.