🦠 Ransomware & Malware

Pixel 9's Dolby Decoder: The 0-Click Path Project Zero Just Paved Wide Open

A single SMS audio file. Zero taps. Full code execution on Pixel 9. Project Zero didn't just find bugs—they chained them into a nightmare for Android's vaunted security.

Marcus Rivera 📅 Apr 02, 2026 ⏱️ 3 min read 👁️ 0 views
Pixel 9 displaying Google Messages with incoming audio attachment and overlaid exploit code visualization

⚡ Key Takeaways

  • Project Zero chained Dolby decoder RCE to kernel priv-esc on Pixel 9 via SMS audio—no user interaction.
  • Dolby's skip buffer in DD+ allows spec-compliant overflows, hitting most Androids with UDC blobs.
  • AI features like auto-transcription massively expand 0-click surface; media vulns demand priority fixes.

🧠 What's your take on this?

Cast your vote and see what Threat Digest readers think

Marcus Rivera
Written by

Marcus Rivera

Tech journalist covering AI business and enterprise adoption. 10 years in B2B media.

#0-click attack #Dolby UDC #Dolby decoder CVE #Pixel 9 exploit #Project Zero

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Google Project Zero

Related Stories

📬

Stay in the loop

The week's most important stories from Threat Digest, delivered once a week.

No spam. Unsubscribe any time.