A 0-click exploit chain for the Pixel 9, part 1: Decoding Dolby

21 points by jmillikin


freddyb

Lots of interesting gems in this series. E.g., Apple devices enforce bounds checking: they compile this third-party code with -fbounds-safety, a compiler flag they have invented for this specific purpose.

Also, all vendors at first applied a lower severity than "critical", because the exploit chain "requires another bug". An unfortunately useful strategy for attackers too.

jmillikin

Part 2: Cracking the sandbox with a big wave

Part 3: Where do we go from here?