THREAT OPS › Threat News › A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
<p>Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachme
Attributed threat actors
- Earth LuscaG1006
MITRE ATT&CK techniques
- VulnerabilitiesT1588.006
Indicators of compromise
- CVE-2025-49415cve
- CVE-2025-54957cve
- CVE-2025-36934cve
- 117d27t6tLaVN1dbVWr16tTZs2qb6btc
- 1t45fqE3K82rdDn2D7Lq6hUjZfV1btc
- 1h8EAAAAyAdFYQAAgNskMTFRoaGhbtc
- 3MkQnv2FmyXHnCjXbx4UV988YWbtc
- 3G7aYdym1aNVNy8mVt2rLTmDt46KgaNsgbtc
- 3dKzj4g8nahjuVoRP8EREpCPxkhLZtbtc
- 3bi23W7XiBEjtHPnTqNtg91u149btc
- 1ysWDHrUgkREAEREAGvENCgPkXAeQFbtc
- 16taEkaGBUnPFvUnArdsPRe3y6sZbtc
- 37ygeSB375UCJGfwTxw1ReKy66uHREfbtc
- 1bKNeu5YpWWsweritffj5GVF6zbhkSE9btc
- 3JdQSBq6QwN9JD79CkAQE9PD99btc
- 35Npv62gwac9WbJmM43r1wYg7PGTXMeUUbtc
- https://project-zero.issues.chromium.org/issues/368695689url
- https://www.monkeysaudio.com/url
- https://project-zero.issues.chromium.org/issues/428075495url
- https://project-zero.issues.chromium.org/issues/426567975url
- https://www.etsi.org/deliver/etsi_ts/102300_102399/102366/01.04.01_60/ts_102366v010401p.pdfurl
- https://project-zero.issues.chromium.org/428075495#attachment67118327url
- https://project-zero.issues.chromium.org/428075495#attachment72535031url
- https://android.googlesource.com/platform/frameworks/av/+/22c571b/services/mediacodec/minijail/seccomp_policy/mediacodec-seccomp-arm.policyurl
- https://project-zero.issues.chromium.org/issues/42451420url
Original source: https://projectzero.google/2026/01/pixel-0-click-part-1.html