- Google has released the Android Security Bulletin for January 2026, addressing a critical Android vulnerability.
- The vulnerability can be used to trigger a zero-click attack on Android using an audio file.
- While the issue was fixed on Pixel devices last month, we’re still waiting for Google to fix other Pixel bugs, which should have been addressed in a separate Pixel Update for January.
Google has freshly released the Android Security Bulletin for January 2026, listing a critical vulnerability that will be addressed in security updates. The list isn’t quite as long as the December 2025 bulletin, and that is because Google recently moved to publicly disclose a large chunk of security issues in Android on a quarterly basis rather than every month. In fact, the only critical vulnerability listed in the bulletin relates to the Dolby Digital Plus Codec, which is used for playing audio files on Android.
As per Wiz, the vulnerability can allow hackers to manipulate the extra information, also known as evolution data, added to the audio file, which can force the player to crash on a broad range of devices. On Android specifically, it can be used to execute a zero-click attack when you open or receive the specific file via a messenger app.