Google Project Zero just dropped a full 0-click exploit chain for Pixel 9 targeting CVE-2025-54957 in Dolby's audio decoder. Android's AI transcription features auto-decode incoming audio, so attackers just need to send you a malicious RCS message.
#GrapheneOS users aren't immune to the initial bug since it's in Dolby's proprietary blob with its own internal allocator, but hardened_malloc and improved mediacodec sandboxing make privilege escalation significantly harder. Patch to January 2026 security level now!
https://projectzero.google/2026/01/pixel-0-click-part-1.html
Final (nprofile…0md0) any thoughts on this?
Max
npub1kl…lx3vt
2026-01-15 21:15:01 UTC
Author Public Key
npub1klkk3vrzme455yh9rl2jshq7rc8dpegj3ndf82c3ks2sk40dxt7qulx3vtSeen on
wss://relay.azzamo.netPublished at
2026-01-15 21:15:01 UTCEvent JSON
{
"id": "ada49855f83709295f30bdf8404b7bd2d483ed5d4455ba2a688016ba352b3e39",
"pubkey": "b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc",
"created_at": 1768511701,
"kind": 1,
"tags": [
[
"alt",
"A short note: Google Project Zero just dropped a full 0-click ex..."
],
[
"p",
"b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22",
"wss://nostr.mom/"
],
[
"p",
"b98ded4ceaea20790dbcb3c31400692009d34c7f9927c286835a99b7481a5c22",
"wss://nostr.mom/"
],
[
"t",
"GrapheneOS"
],
[
"t",
"grapheneos"
],
[
"r",
"https://projectzero.google/2026/01/pixel-0-click-part-1.html"
]
],
"content": "Google Project Zero just dropped a full 0-click exploit chain for Pixel 9 targeting CVE-2025-54957 in Dolby's audio decoder. Android's AI transcription features auto-decode incoming audio, so attackers just need to send you a malicious RCS message. \n\n#GrapheneOS users aren't immune to the initial bug since it's in Dolby's proprietary blob with its own internal allocator, but hardened_malloc and improved mediacodec sandboxing make privilege escalation significantly harder. Patch to January 2026 security level now!\n\nhttps://projectzero.google/2026/01/pixel-0-click-part-1.html\n\nnostr:nprofile1qqstnr0dfn4w5grepk7t8sc5qp5jqzwnf3lejf7zs6p44xdhfqd9cgspzpmhxue69uhkummnw3ezumt0d5hszrnhwden5te0dehhxtnvdakz7qgawaehxw309ahx7um5wghxy6t5vdhkjmn9wgh8xmmrd9skctcnv0md0 any thoughts on this?",
"sig": "1e86597f62ea68ec33371bb167e6084ad2550f655dcc57a34f836761bbe573b0dcf1c98ee9d4414352e8deb9b2f4cd986dd741183cb0eac53dec9b0fa661dd8f"
}