Google Project Zero details a sophisticated 0-click exploit chain targeting the Pixel 9 through a vulnerability (CVE-2025-54957) in the Dolby Unified Decoder. The exploit leverages an integer overflow in EMDF payload processing to achieve arbitrary code execution in the mediacodec context. The attack chain involves manipulating heap allocations, bypassing ASLR through probabilistic techniques, and using ROP gadgets to ultimately write shellcode via /proc/self/mem. The vulnerability affects most Android devices; the chain is triggered automatically, with no user interaction, when an audio attachment received via SMS/RCS is decoded for AI-powered transcription features.
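As an added illustration of the bug class named above (integer overflow in length handling while walking a payload container), and not Project Zero's code nor the Dolby decoder's real EMDF syntax: a constructed length-prefixed record parser in its overflow-prone form beside the hardened check that a decoder should perform.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed input format standing in for a decoder's payload container:
 * a sequence of records, each a 4-byte big-endian length followed by that
 * many payload bytes. This is NOT the real EMDF bitstream syntax. */
static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Overflow-prone pattern: the end-of-record position is computed in 32-bit
 * arithmetic, so a huge length wraps around and slips past the bounds check.
 * Returns how many records the check let through. No payload bytes are
 * touched here, so the example is safe to run; in a real decoder the next
 * copy or parse of that record would read past the buffer. */
int count_records_vuln(const uint8_t *buf, uint32_t buf_len)
{
    uint32_t off = 0;
    int accepted = 0;
    while (off + 4 <= buf_len) {
        uint32_t size = read_be32(buf + off);
        uint32_t end = off + 4 + size;   /* can wrap to a small value */
        if (end > buf_len)               /* a wrapped end passes this test */
            break;
        accepted++;
        if (end <= off)                  /* stop rather than loop forever */
            break;
        off = end;
    }
    return accepted;
}

/* Hardened form: compare the length against the bytes that remain instead of
 * adding it to the offset, so no intermediate value can wrap. Any oversized
 * record rejects the whole frame (returns -1). */
int count_records_safe(const uint8_t *buf, uint32_t buf_len)
{
    uint32_t off = 0;
    int accepted = 0;
    while (buf_len - off >= 4) {
        uint32_t size = read_be32(buf + off);
        uint32_t remaining = buf_len - off - 4;
        if (size > remaining)
            return -1;
        accepted++;
        off += 4 + size;                 /* cannot exceed buf_len now */
    }
    return accepted;
}

/* Constructed sample frames: two well-formed records, and one whose length
 * field (0xFFFFFFFC) makes off + 4 + size wrap to exactly 0. */
static const uint8_t FRAME_OK[] = {0, 0, 0, 2, 'a', 'b', 0, 0, 0, 0};
static const uint8_t FRAME_WRAP[] = {0xFF, 0xFF, 0xFF, 0xFC, 'x', 'y'};
```

The wrapping frame is accepted by the first parser and rejected by the second; the difference is the single comparison against `remaining`.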
Table of contents
The Dolby Unified Decoder
The Bug
Decoder Memory Layout
Write what where?
Extending the evo heap
Controlling PC
Non-contiguous Overwrites
Overwriting payload_extra
Calling Controllable Functions
What’s the plan, (Seth and) Jann?
The Exploit
How reliable is this exploit?
Reflections on Mitigations
The Next Step