Android Security Bulletin January 2026 Release
Google has published the Android Security Bulletin for January 2026, detailing security updates, including one critical vulnerability. The bulletin's reduced length compared to December 2025 is attributed to Google's recent shift towards quarterly public disclosure for a significant number of Android security issues.
Critical Vulnerability Details
The sole critical vulnerability listed in the January bulletin is associated with the Dolby Digital Plus Codec, which is used for audio file playback on Android devices. According to Wiz, this vulnerability allows attackers to manipulate 'evolution data' embedded within an audio file. Such manipulation can lead to forced application crashes across a wide array of devices. Specifically on Android, this flaw can be exploited to execute a zero-click attack if a specially crafted file is opened or received via a messenger application.
Patching and Device Updates
Google has incorporated the patch for this vulnerability into Android's source code. Device manufacturers will subsequently integrate these fixes into their respective security updates, a process that may involve varying timelines for deployment.
For Pixel devices, Google had already addressed this particular vulnerability with the December security update. Consequently, a separate Pixel-specific security update was not released in January 2026 for this issue.
Unaddressed Pixel Issues
Despite the fix for the audio vulnerability, other known bugs continue to affect Pixel phones. These include reports of unresponsive displays on the Pixel 10. Google's update release schedule is not fixed, and updates can be deployed at different times throughout the month. Users are advised to install the latest available security updates for their Android devices.