Tuesday, March 4, 2025
Follow us On Linkedin
HomeVulnerabilityOnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader...

OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Vulnerability

Published on

By Gurubaran
OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A critical OnePlus 6 vulnerability discovered that could allow booting the phone with a modified image and can get administrator privileges even if the bootloader is completely locked and in secure mode.

This OnePlus 6 Vulnerability discovered by Jason Donenfeld of Edge Security, according to the researcher the vulnerability could be exploited by the attacker if they physical access to a OnePlus 6 device.

A bootloader manages and executes the boot sequence, it ensures that you are loading with the genuine software. It is an encrypted security measure and all the Android phones shipped with a locked bootloader.

Need Physical Access to Exploit OnePlus 6 Vulnerability

Jason published a live video demonstration of how an attacker can get a malicious image using the ADB tool’s fastboot command if they have physical access to the device.

All the attacker needs are to do reboot the mobile device in Fastboot mode and by connecting the device to the computer an attacker can download the modified image to the device.

Android police confirm this OnePlus 6 Vulnerability present on the OnePlus 6 and it could give the attacker a full control over the device.

Oneplus has officially acknowledged the bootloader vulnerability, saying that the fix will be rolled out soon.

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

This is not the first time OnePlus users under risk, in last November a Remote code Exploitation Found in OnePlus devices that allow hackers can run an arbitrary code on vulnerable OnePlus Mobile Phones.

According to reports, OxygenOS 5.1.6 still includes the hack-friendly bootloader, so a patch might be included in OxygenOS 5.1.7.

Also Read:

OnePlus Website Hacked and Attackers Stolen Many Customers Credit Card Details

OnePlus Phones comes with Pre-installed Backdoor that Provides Root Access to the Device

Critical Vulnerability with OnePlus devices allows Remote Exploitation

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Android

Google Secretly Tracks Android Devices Even Without User-Opened Apps

A recent technical study conducted by researchers at Trinity College Dublin has revealed that...
AI

LLMjacking – Hackers Abuse GenAI With AWS NHIs to Hijack Cloud LLMs

In a concerning development, cybercriminals are increasingly targeting cloud-based generative AI (GenAI) services in...
cyber security

Microsoft Strengthens Trust Boundary for VBS Enclaves

Microsoft has introduced a series of technical recommendations to bolster the security of Virtualization-Based...
Cyber Attack

Hackers Exploiting Business Relationships to Attack Arab Emirates Aviation Sector

A sophisticated cyber espionage campaign targeting the aviation and satellite communications sectors in the...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

CVE/vulnerability

Docusnap for Windows Flaw Exposes Sensitive Data to Attackers

A recently disclosed vulnerability in Docusnap's Windows client software (CVE-2025-26849) enables attackers to decrypt...
CVE/vulnerability

CISA Warns of Active Exploitation of Microsoft Windows Win32k Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-8639, a decade-old Microsoft Windows...
CVE/vulnerability

BigAnt Server 0-Day Vulnerability Lets Attackers Run Malicious Code Remotely

A critical vulnerability in BigAntSoft's enterprise chat server software has exposed ~50 internet-facing systems...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2024 GBHackers On Security - All Rights Reserved