NEWS Don't click the button—you'll still get... hacked. How the new 0-click exploit works on Android.

pinkman

The chain starts with audio decoding in messages and ends at the kernel level.
You don't even have to open the message or press "play": your phone will already be parsing the attachment in the background to display a transcript or make it searchable. Convenient as they are, it's precisely these automatic features that turn ordinary correspondence into an attack surface, where all an attacker has to do is send a specially crafted file.
Researchers at Google Project Zero have published an analysis of a complete 0-click exploitation chain for the Google Pixel 9: from remote code execution during media decoding to kernel-level exploitation. The three-part series describes how vulnerabilities in audio processing and in a driver can be combined into a scenario in which the victim doesn't need to take any action at all. According to Project Zero, patches for the vulnerabilities in this chain became available in the updates released on January 5, 2026.
A key development in recent years is that "smart" features on smartphones have begun to proactively analyze message content. Specifically, Google Messages can automatically decode incoming audio attachments received via SMS and RCS in order to transcribe them, without any user intervention. As a result, the audio decoders themselves, including rarely used ones, are exposed to zero-click attacks on most Android devices.
The first step in the chain involves the Dolby Unified Decoder (UDC), a library for Dolby Digital and Dolby Digital Plus (AC-3 and EAC-3) that is built into the firmware of many manufacturers. Project Zero demonstrates how vulnerability CVE-2025-54957 in metadata processing (EMDF) allows memory corruption and ultimately code execution in the mediacodec context, i.e., inside the isolated media decoding process on the Pixel 9.
But a sandboxed media decoder doesn't always mean the attack stops there. In the second part, Project Zero describes how, from the mediacodec context, it was possible to reach the /dev/bigwave driver, which is related to AV1 acceleration on the Pixel chip and is accessible from that context, and to exploit vulnerability CVE-2025-36934 in it to bypass the restrictions and obtain kernel-level primitives.
The researchers also emphasize that not only the technique but also the economics of the attack are notable: they estimate that developing an exploit for the Dolby vulnerability took approximately eight man-weeks, while the basic proof-of-concept for the driver component required approximately three weeks. Moreover, the exploit chain relied on just two defects rather than a long chain of many bugs, and in practice much depends on how quickly the ecosystem delivers patches to users. In the third part, Project Zero also cites some unsettling figures regarding patch timelines: the UDC vulnerability was reported to Dolby on June 26, 2025, and publicly disclosed on October 15, 2025; Samsung, according to their data, released a patch on November 12, 2025; and the Pixel only received the update on January 5, 2026. This means the issue remained public and unpatched on the Pixel for dozens of days, and the update path for third-party components like UDC is harder for Android to speed up, because the library isn't shipped as part of a system component updated through mechanisms like APEX.
The practical takeaway for owners of the Pixel 9 and other Android smartphones is extremely boring but crucial: make sure you have installed the January 2026 security update and all current updates for the apps that handle messaging and media. Platform vendors and developers, as Project Zero notes, will have to be more mindful of which new "smart" features silently expand the 0-click attack surface, and reduce the number of decoders and drivers reachable from remotely accessible contexts.