If you are using Oxygenosis 12, 14, or 15 running One Plus smartphone, we have news that you should be about. Earlier this week, CyberScurement firm Rapid 7 revealed that One Plus smartphones running these oxygenus version is a major security defect that can allow SMS and MMS data to access malicious apps on your smartphone without permission.
The firm also said that “the user has not been informed that SMS data is being accessed,” which can cause “sensitive information disclosure and effectively break the security provided by SMS -based multi -factor verification (MFA).”
Rapid 7 examined and confirmed the risk of construction of various One -Plus smartphones and oxygenus, as listed in the table below.
| Device / model | Package version | Oxygosus version | Blood number |
|---|---|---|---|
| OnePlus 8 T / KB2003 | 3.4.135 | 12 | KB2003_11_C.33 |
| OnePlus 10 Pro 5G / Ne2213 | 14.10.30 | 14 | Ne2213_14.0.700 (Ex01) |
| OnePlus 10 Pro 5G / Ne2213 | 15.30.5 | 15 | Ne2213_15.0.502 (ex01) |
| OnePlus 10 Pro 5G / Ne2213 | 15.30.10 | 15 | Ne2213_15.0.700 (Ex01) |
| OnePlus 10 Pro 5G / Ne2213 | 15.40.0 | 15 | Ne2213_15.0.901 (Ex01) |
The CyberScurement firm said that the danger was tracked as CV-2025-10184, introduced as part of oxygenosis 12, as versions of oxygenos 11 were not at risk of this problem.
In addition, while Rapid 7 said the security flaws are “not a specific problem with hardware,” its potential effects are more considered because it affects the basic component of Android, and other one -plus one -pulse devices besides 8T or 10 Pro 5G oxygenosis 12, 14, or 15 other one -pulse devices.
OnePlus 10 Pro 5G
Rapid 7 first contacted One Plus on May 1, 2025, to discuss the issue, and since, it reached OnePlus and Oppo before publicly revealing its results on September 23, 2025. One day later, One Plus responded to Rapid 7, acknowledging that he was investigating the matter.
One Plus 8 t
One Plus 10 Pro
One Plus did not tell Rapid 7 what steps it would take. However, in a statement that is shared with 9TO5GOGLE Later, a spokesman for OnePlus said, “We recognize the recent disclosure of the CV-2025-10184 and have implemented a fix. It will be created globally through the software update starting in mid -October. One Plus is committed to protecting customer data and will continue to prefer security improvement.“
So, what can users of the affected One -Plus devices do by the fix in mid -October?
People in Rapid 7 have advised users of affected One -Plus devices to take the following steps:
- Just install apps from reliable sources and remove all unnecessary apps. This will limit the display of non -confident apps that can bypass this permission to read SMS/MMS data.
- Review that third -party services use SMS -based multi -factor verification (MFA) and use an authentic app instead of changing these services. This will limit the sensitive information sent to your device more than SMS.
- USers for additional confidentiality of text messages, users can use encrypted messenger apps from the end to the end, rather than SMS -based communication. This will limit the sensitive information sent to your device more than SMS.
- For third -party services, which sends SMS -based information, these apps may be transformed into push -push reports. This will limit the sensitive information sent to your device more than SMS.
For more details you can click here to read the full revelation through Rapid 7.
1 Comment
I don’t think the title of your article matches the content lol. Just kidding, mainly because I had some doubts after reading the article. https://accounts.binance.info/register-person?ref=IHJUI7TF