Android users at risk! Your phone can be hacked without clicking on any links or opening any files. Do this immediately..

If you use an Android smartphone, you should be cautious. India's cybersecurity agency, CERT-In, has warned all Android users to update their phones immediately. The agency has discovered a major vulnerability that could allow hackers to execute code on phones and hack them without requiring the user to click on any link or open any file. However, Google's latest security patch has fixed a critical vulnerability related to Dolby audio. Therefore, you should update your phone immediately.

What is this dangerous Dolby vulnerability?
This security vulnerability was related to the Dolby Digital Plus Unified Decoder. It was first identified in October 2025. This bug allowed hackers to execute code on phones without requiring the user to click on any link or open any file. This is why it was called a zero-click vulnerability. According to reports, this problem could affect not only Android but also some Windows devices.

Why did CERT-In issue the warning?
CERT-In issued the CIVN2026-0016 advisory to alert Android users. The agency said that hackers could use this vulnerability to remotely execute arbitrary code on the device. This could corrupt the phone's memory and put personal or office data at risk. According to CERT-In, installing the latest OS update is the easiest way to protect against this threat.

What did Google and Dolby say?
In its security bulletin released on January 5, Google stated that the January update fixes this critical vulnerability. The company also said that the severity of this bug was assessed by Dolby. Dolby, in its advisory, stated that some versions of the DD+ Unified Decoder had an out-of-bounds write issue. Dolby says that this usually caused the media player to crash, but the possibility of its misuse could not be ignored.

How did Project Zero uncover the vulnerability?
Google's Project Zero team, known for its security research, discovered this bug. Researchers reported that this was a zero-click exploit, meaning the attack was possible without any user interaction. It could allow for remote code execution on some Pixel and other Android devices. Following this discovery, Google prioritized the issue and released a fix in the January security patch.

Disclaimer: This content has been sourced and edited from TV9. While we have made modifications for clarity and presentation, the original content belongs to its respective authors and website. We do not claim ownership of the content.