Zero-Click Dolby Audio Bug Allows Code Execution on Devices

Source: Malwarebytes

Researchers from Google’s Project Zero identified a vulnerability tracked as CVE-2025-54957 affecting Dolby’s Unified Decoder Component, specifically impacting Android devices like Google Pixel and Samsung smartphones, as well as Windows systems. This vulnerability allows attackers to execute code remotely through audio messages, requiring no user interaction.

The core issue arises from improper handling of evolution data in Dolby Digital Plus audio streams, leading to a buffer overflow. When malformed data is processed, adjacent memory areas can be overwritten, which attackers could exploit to run arbitrary code. Dolby has acknowledged the risk and advised users to be vigilant, especially in light of potential chaining with other vulnerabilities.
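To illustrate the bug class described above (a decoder trusting a length field from the stream and copying into a fixed-size buffer), here is an added example of a hardened parser for a constructed, hypothetical block layout. It is not Dolby's code and not the real Dolby Digital Plus evolution-data syntax; the layout, `EVO_BUF_SIZE`, and the function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed, hypothetical layout used only to illustrate the bug class:
 * a one-byte length field followed by that many payload bytes. It is NOT
 * the real Dolby Digital Plus evolution-data syntax. */
#define EVO_BUF_SIZE 16u

enum evo_status { EVO_OK = 0, EVO_ERR_TRUNCATED = -1, EVO_ERR_TOO_LONG = -2 };

struct evo_block {
    uint8_t data[EVO_BUF_SIZE];  /* fixed-size destination buffer */
    size_t len;                  /* bytes actually stored */
};

/* Hardened parser. The defect class in the article is a decoder that trusts
 * the stream's length field and copies straight into a fixed buffer; the two
 * checks below are exactly what such code is missing. */
int evo_parse(const uint8_t *frame, size_t frame_len, struct evo_block *out)
{
    if (frame == NULL || out == NULL || frame_len < 1)
        return EVO_ERR_TRUNCATED;

    size_t declared = frame[0];

    /* Check 1: the declared length must fit the destination buffer. Without
     * this, a malformed length overruns out->data into adjacent memory. */
    if (declared > EVO_BUF_SIZE)
        return EVO_ERR_TOO_LONG;

    /* Check 2: the declared length must not exceed the bytes remaining in the
     * input, or the copy reads past the end of the stream buffer. */
    if (declared > frame_len - 1)
        return EVO_ERR_TRUNCATED;

    memcpy(out->data, frame + 1, declared);
    out->len = declared;
    return EVO_OK;
}

/* Convenience wrapper: parses a constructed frame into a scratch block and
 * returns only the status code, so callers can check the decision. */
int evo_check(const uint8_t *frame, size_t frame_len)
{
    struct evo_block blk;
    memset(&blk, 0, sizeof blk);
    return evo_parse(frame, frame_len, &blk);
}
```

A fuzzer or unit test feeding oversized and truncated length fields to the decoder is the quickest way to detect the missing checks before release.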

To mitigate the risks associated with this vulnerability, users are urged to avoid unsolicited audio files, maintain up-to-date device firmware, and install security updates promptly. These measures are essential for protecting devices from potential exploits that leverage this critical flaw in audio processing.

Read the original: Malwarebytes