
Your OnePlus phone is probably at risk from a major SMS vulnerability

The OnePlus 13R is just one of many recent OnePlus devices potentially at risk.

The majority of OnePlus phones in use today may be vulnerable to a security flaw that leaves SMS and MMS data exposed, and it won’t be patched until mid-October. Only OnePlus phones still running 2020’s OxygenOS 11 or earlier are believed to be safe from the flaw.

Security company Rapid7 was first to discover the vulnerability, which relates to changes OnePlus made to the Telephony service within Android. The long and short of it is that it would allow installed apps to access SMS data “without permission, user interaction, or consent.” The company found the flaw on devices running OxygenOS 12, 14, and 15, though it reported that the older OxygenOS 11, based on Android 11, is not vulnerable. While Rapid7 only tested two types of hardware — the OnePlus 8T and 10 Pro 5G — it says the flaw “affects a core component of Android,” and so is unlikely to be hardware-specific.

OnePlus has admitted to the issue, but in a statement given to 9to5Google by an unnamed spokesperson it says a fix won’t arrive until mid-October at the earliest.

“We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvements.”

Rapid7 announced the discovery on its blog on Monday this week, but OnePlus didn’t respond until Wednesday. Rapid7 says it tried and failed to contact OnePlus privately to discuss the problem, and only turned to a public disclosure after also ruling out the company’s bug bounty program because of its “restrictive Non Disclosure Agreement.”

Until the flaw is patched, Rapid7 recommends that OnePlus device owners only install apps from trusted sources, uninstall any unnecessary ones, switch to encrypted messaging apps, and use authenticator apps rather than SMS-based two-factor authentication.



from The Verge https://ift.tt/DjsbJho
