The January 2026 Android update patches a single vulnerability, a critical Dolby audio decoder issue whose existence came to light in October 2025.
The flaw, tracked as CVE-2025-54957, was described at the time of its disclosure as a medium-severity out-of-bounds write issue affecting the widely used Dolby Digital Plus (DD+) Unified Decoder.
The vulnerability, exploitable using specially crafted media files, was discovered by Google researchers and reported to Dolby in June 2025, with a patch released in September.
The vulnerability started making headlines in October, after Google made public technical details and Microsoft announced patching the security hole in Windows.
Generally, the vulnerability can result in a crash or restart, which Google researchers have demonstrated on Pixel 9, Samsung S24, MacBook Air M1, and iPhone 17 Pro devices.
However, the researchers found that zero-click remote code execution could be achieved on Android devices. As a result, a critical severity rating has been assigned to CVE-2025-54957 on Android.
“On Android OS, audio attachments and voice messages are decoded locally; therefore, the flaw might be exploited without any user interaction,” explained Adam Boynton, senior security strategy manager at mobile device management and security firm Jamf.
Google included a patch for the flaw in its December 2025 update for Pixel phones, and the tech giant has now rolled out a patch for all Android devices.
The January 2026 Android security bulletin does not describe any other vulnerability. No Pixel, Android Automotive OS, or Wear OS patches have been released this month.
