CERT-In Urges Android Users to Patch Critical Dolby Audio Bug
India’s cybersecurity agency has issued a high-severity alert for a vulnerability in Dolby Audio affecting Android devices, urging immediate installation of the latest security patch.
Key Takeaways
- Vulnerability: CVE-2024-25704 in Dolby Audio component.
- Affected: Android versions 13 and 14.
- Risk: Attackers could gain elevated privileges, take control of devices, and access sensitive data.
- Fix: Google has released a patch in the March 2024 Android Security Bulletin.
Details of the Security Flaw
The Computer Emergency Response Team of India (CERT-In), in its note CIVN-2024-0308, classified the bug as “high” severity. The flaw stems from improper input validation within the Dolby Audio software.
A local attacker could exploit it using a specially crafted app to execute arbitrary code with system-level privileges. Crucially, the exploit requires no additional permissions, making it easier to deploy.
Official Patch and User Action
Google has acknowledged the issue and included the fix in its latest security update. CERT-In advises all Android users, particularly those on Android 13 and 14, to apply updates immediately.
How to update: Go to Settings > System > System update on your device.
Broader Security Context
This advisory is part of CERT-In’s ongoing efforts to identify and mitigate targeting Indian users. The agency regularly flags vulnerabilities in popular software to protect individuals and organizations.
Security experts reinforce the standard advice: keep devices updated, avoid apps from untrusted sources, and be wary of suspicious links to minimize exploitation risks.
