Pixel 9 Zero-Click Exploit: How a Single Audio Message Can Compromise Your Phone

 


Someone sends you an audio message. You don’t open it, you don’t play it, you don’t even look at your phone. And you’re already hacked. 😏 Google Project Zero just published a three-part series this week showing exactly how they built a working exploit chain for the Pixel 9. No clicks required and no interaction at all. Just receive a message and your phone is compromised.

CVE-2025-54957

The vulnerability sits in Dolby’s audio decoder, a component that ships on almost every Android phone sold today. Pixel, Samsung, and dozens of other brands all use it. When someone sends you an audio message through SMS or RCS (the default messaging on most Android phones), your phone automatically decodes it for transcription. Before you even see the notification, the malicious code is already running.

This attack works without any interaction because Android added AI-powered transcription. Your phone now automatically decodes every incoming audio message so it can transcribe it for you and make your messages searchable. Convenient? Sure. But it also means audio decoders are now directly exposed to anyone who can send you a message. Google Project Zero said it clearly: “The explosion of AI-powered features on mobile phones has the potential to greatly increase their 0-click attack surface.”

The researchers didn’t stop at running code in the audio decoder. They chained it with a second vulnerability (CVE-2025-36934) in a driver called BigWave, which handles hardware video decoding on Pixel phones. That gave them kernel access and full control over the entire device.

With full kernel access, an attacker owns your device. They can read your messages, access your photos, activate your camera or microphone, and send data to external servers. All without a single notification or indicator on your screen.

The researchers used Google’s own AI to help build the exploit. They copy-pasted their exploit code into Gemini and asked it to generate syscall wrappers. After four or five attempts of feeding compilation errors back into the AI, Gemini produced working code. Their exact words: “This provides some insight into how attackers might be able to use (or more likely are already using) LLMs to make their exploit process more efficient.” Google’s AI helped hack Google’s phone.

The Dolby vulnerability was found in less than two days during a team hackathon. The kernel bug took less than one day of code review.

The timeline is embarrassing.

  • June 26, 2025: Google reports the bug to Dolby
  • September 18, 2025: ChromeOS gets patched
  • October 15, 2025: Bug goes public (after 90 days per disclosure policy)
  • November 12, 2025: Samsung releases a patch
  • January 5, 2026: Pixel finally gets patched

That’s 139 days from report to first mobile patch. The bug was PUBLIC for 82 days before Pixel users got a fix. Anyone with the technical skills could have built an exploit during that window. As of now, there are no confirmed reports of this vulnerability being exploited in the wild, and no weaponized exploits have been spotted on underground forums. But with the technical details now public, that window is closing fast.

iOS and macOS compile the same Dolby code with a flag called -fbounds-safety. It automatically adds memory checks that prevent this exact type of overflow. Android doesn’t use this flag, so the same vulnerable code leads to a completely different outcome. Same library, same bug, but Apple’s compiler catches it and Android’s doesn’t.

Pixel 8 and newer phones have hardware memory protection called MTE that could stop exploits like this. But Google ships it turned off by default. You only get protection if you manually enable “Advanced Protection” mode. Most users never do.

Devices confirmed vulnerable:

  • Google Pixel 9
  • Samsung S24
  • Most Android phones with Dolby audio (which is almost all of them)
  • Windows systems with Dolby UDC 4.5 through 4.13 (requires user to play file)

What can you do?

Check your Android security patch level. Go to Settings → About Phone → Android Security Update. If it says anything before January 5, 2026, you’re still vulnerable and should update immediately if a patch is available.

If you can’t update yet, consider disabling RCS in your messaging app settings until you can. Go to Messages → Settings → RCS chats → Turn off. Keep in mind that SMS audio messages can also trigger this, so updating remains the only real fix.
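The patch-level check above, scripted for several devices at once as an added example that is not part of the original post: it reads the standard Android property ro.build.version.security_patch over adb and compares it with the article's January 5, 2026 threshold. The --adb switch, the function names and the sample serials are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original post): flag devices whose Android
# security patch level predates the fix date the article gives for Pixel.
FIXED_LEVEL=20260105   # 2026-01-05, the threshold stated in the article

# Exit status: 0 = patched, 1 = older than the threshold, 2 = malformed.
is_patched() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) return 2 ;;
  esac
  # Dropping the dashes turns an ISO date into a comparable integer.
  [ "$(printf '%s' "$1" | tr -d '-')" -ge "$FIXED_LEVEL" ]
}

# Print "<serial> <level> <verdict>" for one device.
classify() {
  rc=0
  is_patched "$2" || rc=$?
  case $rc in
    0) echo "$1 $2 OK" ;;
    1) echo "$1 $2 VULNERABLE" ;;
    *) echo "$1 ${2:-none} UNKNOWN" ;;
  esac
}

# Query every device that adb lists as online (state "device").
audit_connected_devices() {
  command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 127; }
  adb devices | tail -n +2 | while read -r serial state; do
    [ "$state" = "device" ] || continue
    # </dev/null keeps adb from swallowing the rest of the device list.
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
              </dev/null | tr -d '\r')
    classify "$serial" "$level"
  done
}

# Constructed sample inventory: serials and levels are invented for the demo.
sample_audit() {
  classify SAMPLE-A 2026-01-05
  classify SAMPLE-B 2025-12-05
  classify SAMPLE-C ""
}

# Real devices only when asked for; otherwise run the constructed sample.
if [ "${1:-}" = "--adb" ]; then audit_connected_devices; else sample_audit; fi
```

An UNKNOWN verdict means the device returned no well-formed patch level and needs a manual look in Settings.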

This is why zero-click exploits are so dangerous. Traditional security advice says don’t click suspicious links, don’t download unknown files, don’t open attachments from strangers. None of that helps when receiving a message is enough to compromise your device.

The attack surface is your inbox, and your phone checks it automatically without asking you first. AI features made it worse. And the tools to exploit it are getting easier to build.

Hacking is not a hobby but a way of life. 🎯

 

By Bulls Eye

Jolanda de Koff
