Security problem in OnePlus devices
Smartphones from OnePlus suffer from a vulnerability that can be exploited, without you as a user realising it. From a report by a cybersecurity firm, it emerges that a so-called exploit has been found that can allow permissions to be bypassed. The problem occurs for recent as well as older devices. It goes back to OxygenOS 12, which was found on the OnePlus 8T, according to the information.
By making changes to the Telephony package, the app became vulnerable to abuse. It allowed any installed application on an affected OnePlus device to access SMS and MMS data, including metadata. This without permission or user interaction. It is impossible for users to see if data has been accessed in this way. Rapid7, the cybersecurity company that reported the leak, tried unsuccessfully to contact OnePlus in recent months. However, there was no response from the manufacturer.
When Rapid7 published about the leak, OnePlus did not respond until days later. 9to5Google received the following response from OnePlus in this regard;
We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally from mid-October via a software update. OnePlus remains committed to protecting customer data and continues to prioritise security improvements.
So this means it will be about two weeks before an update will be available. Rapid7 recommends installing only apps from trusted sources; and uninstalling non-essential apps from your smartphone. If you receive so-called 2FA text messages to log in with two-step verification, it may be wise to switch to an authentication app to avoid receiving a login code via SMS.
