All news with #oneplus tag
Thu, September 25, 2025
Threatsday Bulletin: Rootkits, Supply Chain, and Arrests
🛡️ SonicWall released firmware 10.2.2.2-92sv for SMA 100-series appliances to add file checks intended to remove an observed rootkit, and moved SMA 100 end-of-support to 31 October 2025. The bulletin also flags an unpatched OnePlus SMS permission bypass (CVE-2025-10184), a GeoServer RCE compromise affecting a U.S. federal agency, and ongoing npm supply-chain and RAT campaigns. Defenders are urged to apply patches, rotate credentials, and enforce phishing-resistant MFA.
Wed, September 24, 2025
Unpatched OnePlus flaw exposes SMS data to rogue apps
🔒 Rapid7 disclosed an unpatched vulnerability in OnePlus's OxygenOS (CVE-2025-10184) that allows any installed app to access SMS content and metadata without SMS permissions. The fault arises from modified Telephony content providers whose manifests omit a required write permission and accept unsanitized input. By abusing a blind SQL-injection vector, an attacker can infer SMS text one character at a time. OnePlus has acknowledged the report and is investigating; users should minimize installed apps and avoid SMS-based 2FA.