Cybersecurity researchers have discovered Potentially serious vulnerability This will subject the vast majority of mobile phones at risk OnePlus Modern. According to Rapid7, brand smartphones, which perform 12 and last oxygen, are exposed to this failure that has not yet been resolved.
In particular, experts indicated that OnePlus introduced modifications in telephony, one of the main suppliers of Android content and that he is responsible for access to text messages (SMS) and multimedia (MMS) and their corresponding metadata, among other problems.
According to the proposed explanation, the problem is to manage permits for reading and writing, since OnePlus would not include the second. “If the attribute of permission for the supplier is not determined, and the supplier clearly does not indicate a permit for reading/writing, permission is considered zero and, therefore, any client can perform this type of operation with a supplier,” experts say.
What does it mean? That the vulnerability that was discovered Can read SMS and MMS devices – and their corresponding metadata – “without permission, interaction or consent” of the userField
This safety failure can be Very harmful For quite obvious reasons. Many people still use codes that SMS are sent to resolve actions in services with a two -stage check or double authentication. Therefore, malicious entities can intercept this information and cause serious damage. In addition, in countries where SMS is still used as a daily communication route, general information can be compromised in them.
Unresolved safety failure affects modern OnePlus
A curious thing in this situation is that it affects OnePlus mobile phones over the past 5 years. From Rapid7 they explain that safety failure It was discovered from oxygen 12Which made his debut in 2021. Experts also found it in oxygen boats 14 and oxygen 15, But not in oxygen 11Field
Thus, those who have a mobile OnePlus, which still performs this version of the Android operating system, which was launched in 2020, are protected from this vulnerability. Usually this is the opposite, and obsolete devices are usually the main, prone to important safety gaps.
Cybersecurity experts tried to contact OnePlus in a private order to inform him of this failure. However, the efforts that began in May had no answer. Experts also explained that although the manufacturer has a rewarding program for error messages, they did not participate in “restrictive conditions and confidentiality conditions”.
After the distribution of the report, OnePlus recognized the reliability of vulnerability. You also promised to propose a resolution, Although it will be arrived only in OctoberThis was a representative of the company 9to5google:
“We recognize the recent distribution of CVE-2025-10184, and we implemented a decision. This will be implemented all over the world by updating software since mid -October. OnePlus supports its commitment to protecting the data of its customers and will continue to determine priority security improvements. ”
At the moment, experts recommend Do not install applications from unknown sources And remove those that are not needed. We will remain attentive to more news.
Source: Hiper Textual
I’m Ben Stock, a highly experienced and passionate journalist with a career in the news industry spanning more than 10 years. I specialize in writing content for websites, including researching and interviewing sources to produce engaging articles. My current role is as an author at Gadget Onus, where I mainly cover the mobile section.
