If you’re using a OnePlus smartphone, there’s an urgent security alert you need to know about. Cybersecurity firm Rapid7 has discovered a flaw in OxygenOS 12, 14, and 15 that allows malicious apps to read your SMS and MMS data without permission or notifications.
This vulnerability poses serious risks, as SMS often contains banking alerts, private chats, and authentication codes. Attackers could potentially bypass SMS-based Multi-Factor Authentication (MFA), putting sensitive accounts at risk.
Affected Devices:
- OnePlus 8T (OxygenOS 12, build KB2003_11_C.33)
- OnePlus 10 Pro 5G (OxygenOS 14 & 15, multiple builds)
The issue, tracked as CVE-2025-10184, does not affect OxygenOS 11 and appears to be tied to Android components rather than hardware, meaning more devices could be at risk.
OnePlus Response:
Rapid7 reported the flaw on May 1, 2025, but went public on September 23 after receiving no clear updates. OnePlus has since confirmed the issue and announced that a fix will roll out globally in mid-October.
What Users Should Do Now:
- Install apps only from trusted sources.
- Avoid SMS-based MFA; use authenticator apps instead.
- Use encrypted messaging apps like Signal or WhatsApp.
- Enable push notifications for services instead of SMS alerts.
Bottom Line:
Until the October patch arrives, OnePlus users should take precautions to protect sensitive data. Even top smartphone brands can face vulnerabilities, making it vital to stay proactive about security.



