{"id":170521,"date":"2025-09-26T11:54:09","date_gmt":"2025-09-26T11:54:09","guid":{"rendered":"https:\/\/www.newsbeep.com\/ca\/170521\/"},"modified":"2025-09-26T11:54:09","modified_gmt":"2025-09-26T11:54:09","slug":"oneplus-phones-hit-by-major-sms-security-flaw-fix-will-take-a-while","status":"publish","type":"post","link":"https:\/\/www.newsbeep.com\/ca\/170521\/","title":{"rendered":"OnePlus phones hit by major SMS security flaw, fix will take a while"},"content":{"rendered":"<p><img class=\"e_ih\" decoding=\"async\" loading=\"eager\"  title=\"oneplus 13 back blue leather hero feature\"  alt=\"The blue leather OnePlus 13 lying on a shelf.\" src=\"https:\/\/www.newsbeep.com\/ca\/wp-content\/uploads\/2025\/07\/oneplus-13-back-blue-leather-hero-feature-scaled.jpg\"\/><\/p>\n<p>Joe Maring \/ Android Authority<\/p>\n<p>TL;DR<\/p>\n<p>OnePlus devices running Oxygen OS 12, 14, and 15 are affected by a serious SMS vulnerability that allows bad apps to secretly read messages.<br \/>\nDevices on Oxygen OS 11 aren\u2019t affected.<br \/>\nOnePlus has acknowledged the flaw, but unfortunately, a fix will only roll out globally starting in October.<\/p>\n<p>If a OnePlus phone is your daily driver, it\u2019s likely affected by a serious vulnerability that can allow bad apps to secretly read your text messages.<\/p>\n<p>Uncovered by cybersecurity firm <a href=\"https:\/\/www.rapid7.com\/blog\/post\/cve-2025-10184-oneplus-oxygenos-telephony-provider-permission-bypass-not-fixed\/\" target=\"_blank\" rel=\"nofollow noopener\">Rapid7<\/a>, the flaw affects a wide range of OnePlus devices running various versions of Oxygen OS. It poses a significant threat to sensitive and personal information received in SMSes, including codes used for two-factor authentication.<\/p>\n<p>What is the vulnerability?<\/p>\n<p>The issue is tracked as CVE-2025-10184. It allows malicious apps on affected OnePlus phones to access SMS and MMS data without user permission, interaction, or notification. This means hackers can potentially spy on private messages or bypass security checks that rely on SMS codes.<\/p>\n<p> Don\u2019t want to miss the best from Android Authority?<\/p>\n<p>Rapid7 tested and confirmed the vulnerability on the OnePlus 8T and OnePlus 10 Pro running Oxygen OS 12, 14, and 15. Because the vulnerability affects a core Android system component, researchers warn it could also affect any other OnePlus device running the aforementioned versions of Oxygen OS, and that its impact could be \u201chigh.\u201d<\/p>\n<p>OnePlus\u2019 response<\/p>\n<p>A little late, but OnePlus has acknowledged the problem and says a fix is on the way. Unfortunately, there\u2019s still a while before it rolls out widely. In a statement shared with <a href=\"https:\/\/9to5google.com\/2025\/09\/25\/oneplus-devices-have-a-big-sms-vulnerability-but-a-patch-is-finally-on-the-way\/\" target=\"_blank\" rel=\"noopener nofollow\">9to5Google<\/a>, the company said:<\/p>\n<p>We acknowledge the recent disclosure of CVE-2025-10184 and have implemented a fix. This will be rolled out globally via software update starting from mid-October. OnePlus remains committed to protecting customer data and will continue to prioritize security improvement.<\/p>\n<p>Rapid7 says it initially tried to contact OnePlus through its bug bounty program but was unable to do so due to restrictive non-disclosure terms. As a result, the company decided to disclose the flaw publicly.<\/p>\n<p>Until the fix is rolled out in October, users on OxygenOS 12 or newer will remain at risk. So ff you\u2019re using a OnePlus phone, it would be wise not to install apps from unknown sources, at least till the fix rolls out.<\/p>\n<p>Thank you for being part of our community. Read our\u00a0<a class=\"c-link\" href=\"https:\/\/www.androidauthority.com\/android-authority-comment-policy\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-stringify-link=\"https:\/\/www.androidauthority.com\/android-authority-comment-policy\/\" data-sk=\"tooltip_parent\">Comment Policy<\/a> before posting.<\/p>\n","protected":false},"excerpt":{"rendered":"Joe Maring \/ Android Authority TL;DR OnePlus devices running Oxygen OS 12, 14, and 15 are affected by&hellip;\n","protected":false},"author":2,"featured_media":170522,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[49,48,283,22686,65201,61],"class_list":{"0":"post-170521","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-technology","8":"tag-ca","9":"tag-canada","10":"tag-cybersecurity","11":"tag-oneplus","12":"tag-oneplus-oxygenos","13":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/170521","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/comments?post=170521"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/170521\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media\/170522"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media?parent=170521"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/categories?post=170521"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/tags?post=170521"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}