"Earlier this week, cybersecurity firm Rapid7 revealed that OnePlus smartphones running these OxygenOS versions have a major security flaw that could allow malicious apps access to SMS and MMS data on your smartphone without permission, user interaction, or consent. The firm also said that the "user is also not notified that SMS data is being accessed," which "could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.""
"The cybersecurity firm stated that this vulnerability, tracked as CVE-2025-10184, was introduced as part of OxygenOS 12, as the versions of OxygenOS 11 it tested were not vulnerable to this issue. Moreover, while Rapid7 said that this security flaw "does not seem to be a hardware-specific issue," its potential impact is considered to be high as it affects a core component of Android, and OnePlus devices other than the 8T or 10 Pro 5G running OxygenOS 12, 14, or 15 could also be vulnerable to it."
OnePlus smartphones running OxygenOS 12, 14, or 15 contain a security flaw (CVE-2025-10184) that can allow malicious apps to access SMS and MMS data without permission, user interaction, or notification. Rapid7 tested and confirmed the vulnerability across multiple OnePlus models and OxygenOS builds and found that OxygenOS 11 builds tested were not vulnerable. Rapid7 noted the flaw appears not to be hardware-specific and rated its potential impact as high because it affects a core Android component and could compromise SMS-based multi-factor authentication. Rapid7 contacted OnePlus and Oppo beginning May 1, 2025; public disclosure occurred September 23, 2025. OnePlus stated a global software update fix will roll out starting mid-October.
Read at GSMArena.com
Unable to calculate read time
Collection
[
|
...
]