Wednesday, May 14, 2025
Follow us On Linkedin
HomeVulnerabilityOnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader...

OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Vulnerability

Published on

By Gurubaran
OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A critical OnePlus 6 vulnerability discovered that could allow booting the phone with a modified image and can get administrator privileges even if the bootloader is completely locked and in secure mode.

This OnePlus 6 Vulnerability discovered by Jason Donenfeld of Edge Security, according to the researcher the vulnerability could be exploited by the attacker if they physical access to a OnePlus 6 device.

A bootloader manages and executes the boot sequence, it ensures that you are loading with the genuine software. It is an encrypted security measure and all the Android phones shipped with a locked bootloader.

- Advertisement - Google News

Need Physical Access to Exploit OnePlus 6 Vulnerability

Jason published a live video demonstration of how an attacker can get a malicious image using the ADB tool’s fastboot command if they have physical access to the device.

All the attacker needs are to do reboot the mobile device in Fastboot mode and by connecting the device to the computer an attacker can download the modified image to the device.

Android police confirm this OnePlus 6 Vulnerability present on the OnePlus 6 and it could give the attacker a full control over the device.

Oneplus has officially acknowledged the bootloader vulnerability, saying that the fix will be rolled out soon.

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

This is not the first time OnePlus users under risk, in last November a Remote code Exploitation Found in OnePlus devices that allow hackers can run an arbitrary code on vulnerable OnePlus Mobile Phones.

According to reports, OxygenOS 5.1.6 still includes the hack-friendly bootloader, so a patch might be included in OxygenOS 5.1.7.

Also Read:

OnePlus Website Hacked and Attackers Stolen Many Customers Credit Card Details

OnePlus Phones comes with Pre-installed Backdoor that Provides Root Access to the Device

Critical Vulnerability with OnePlus devices allows Remote Exploitation

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

cyber security

Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware

A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by...
Cyber Attack

TA406 Hackers Target Government Entities to Steal Login Credentials

The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni,...
cyber security

Google Threat Intelligence Releases Actionable Threat Hunting Technique for Malicious .desktop Files

Google Threat Intelligence has unveiled a series of sophisticated threat hunting techniques to detect...
Adobe

New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

Register Now

More like this

Adobe

New Adobe Photoshop Vulnerability Enables Arbitrary Code Execution

Adobe has released critical security updates addressing three high-severity vulnerabilities (CVE-2025-30324, CVE-2025-30325, CVE-2025-30326) in...
Adobe

Severe Adobe Illustrator Flaw Allows Remote Code Execution

Adobe has issued an urgent security update for its widely used graphic design software,...
cyber security

Critical Vulnerability in Windows Remote Desktop Gateway Allows Denial-of-Service Attacks

Microsoft has disclosed two critical vulnerabilities in its Remote Desktop Gateway (RDG) service, posing...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved