Today, Project Zero released a 0-click exploit chain for the Pixel 9.

Gast

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.

https://projectzero.google/2026/01/pixel-0-click-part-1.html

0x00string@infosec.exchange

@natashenka sick

Gast

The first bug in the chain is CVE-2025-54957, a memory corruption bug in the Dolby Unified Decoder, an audio codec integrated by most Android devices’ OEMs. It is 0-click because incoming SMS and RCS audio messages are automatically transcribed by the system.

0x00string@infosec.exchange

@natashenka rekttttt

Gast

The second bug, CVE-2025-36934, is a driver UaF which only affects the Pixel 9, but Project Zero has found many other bugs with similar impact affecting other devices over the past couple years.

Gast

Remarkably, iOS also integrates the UDC in a 1-click context, but this bug is not exploitable, because the codec is compiled with -fbounds-safety, which inserted bounds checking instructions, making the bug unreachable.

Gast

We hope this flag makes it out of Clang experimental, and more vendors start using it!

https://clang.llvm.org/docs/BoundsSafety.html

Gast

IMO, the biggest takeaway from this research is the huge promise shown by memory mitigations, both hardware and software, in protecting users against 0-days.

Gast

IMO, the biggest takeaway from this research is the huge promise shown by memory mitigations, both hardware and software, in protecting users against 0-days.

Gast

Attack surface reduction is also important— the UDC is largely used by commercial media like TV shows, most devices don’t even have an encoder.

Does it really need to be 0-click?

Gast

Supply-chain issues also played a role: both vulnerabilities were patched very slowly, due to a variety of factors including bug prioritization, licensing and communication between vendors.

Gast

@natashenka Quite the testimonial!

Gast

Make sure to check out the full series here: https://projectzero.google/2026/01/pixel-0-click-part-1.html

Gast

@natashenka Great research and thank you for the 3 part write-up! I had a couple questions.

- Would android advanced protection mode's have protected against some of this? E.g, the automatic transcription of incoming audio files?
- Would MTE have saved some useful roll in this on supporting Pixel phones?

Gast

@natashenka wait, it transcribes them *by default* in the background? if so, that is an absolutely ridiculous attack surface to expose.

Gast

@natashenka There always seems to be so much pushback on removing functionality. While turning it into a 1-click would help some (especially if the sender isn't in your contacts!), I'd be more curious to see if it could be very tightly sandboxed. (And if not... why not? Tight sandboxing of media libraries with limited kernel attack surface seems like a platform primitive that is broadly useful.) Or cross compiled to wasm - performance of an edge case scenario shouldn't be a concern.

Gast

@natashenka Can the Google Messages audio-parsing feature that is causing this be disabled? I did not consent to any "AI"/semantic content introspection being done by Google on ANYTHING on my phone, and have been trying to disable all such features as I find them (but of course software vendors constantly adding more such features and they are always on by default)

Gast

@natashenka That feels a lot like Microsoft's SAL: https://learn.microsoft.com/en-us/cpp/code-quality/using-sal-annotations-to-reduce-c-cpp-code-defects?view=msvc-170. The big question is, how do we ensure portability to multiple compilers. Could we standardize that, please?

Gast

@natashenka great

Gast

@natashenka I don't know that a single click matters, unless you design it well. See also https://infosec.exchange/@adamshostack/115884932482637376