India’s cyber security agency has asked Android smartphone users to install the latest system updates after Google addressed a security issue linked to Dolby audio software. The Indian Computer Emergency Response Team, known as CERT-In, issued the advisory after Google released its January security patch to fix the problem.
CERT-In urges Android users to update their mobile phones after Google fixes a critical Dolby audio security flaw. (Freepik)
According to CERT-In, the flaw affected the Dolby Digital Plus Unified Decoder used in many Android devices. The issue first came to light in October 2025 and allowed unauthorised access to affected systems. In some cases, attackers could run commands on a device without the user taking any action. Reports also indicated that the same weakness affected some Windows systems.
Also read: Google Pixel 10a may launch sooner than expected: Check expected features, price and more
Google included a fix for the Dolby-related issue in its January update. CERT-In said users should apply the update as soon as it becomes available for their devices to reduce the risk of misuse. The advisory applies to all Android users, including individuals and organisations.
How the Dolby Issue Could Affect Users
In its notice, CERT-In explained that attackers could use the flaw to run commands on a targeted device from a remote location. Such access could allow interference with the normal functioning of the phone and could also affect stored data. The agency warned that memory systems could face disruption if the issue remained unpatched.
Google confirmed in its January 5 security bulletin that the update resolves the problem in Dolby-related components. The company said Dolby provided the assessment of the issue. Following this, Dolby released its own advisory explaining the technical cause.
Also read: Apple to fine-tune Gemini and use it quietly behind Siri without Google branding: Report
Dolby stated that certain versions of its DD+ Unified Decoder, including versions 4.5 and 4.13, could write data outside the allowed memory area when processing specific audio streams. This behaviour could allow attackers to gain control over affected devices, including some Google Pixel models and other Android phones.
Findings by Security Researchers
Security researchers from Google’s Project Zero team identified the flaw in October 2025. They found that attackers could trigger the issue without asking users to click links or open media files. This made detection difficult, as the process did not require user interaction.
Also read: 5 Spotify features that other music apps can’t match
Dolby noted that, in many observed cases, the issue caused media applications to stop or restart. The company said it had not seen wide misuse at the time of its advisory. Still, CERT-In stressed that users should not ignore the risk.
The agency urged users to check for updates through their device settings and install the latest version provided by their phone makers. It also advised users to keep automatic updates enabled to receive future security fixes without delay.