Wednesday, March 19, 2025
Follow us On Linkedin
HomeVulnerabilityOnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader...

OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Vulnerability

Published on

By Gurubaran
OnePlus 6 Bootloader Vulnerability Could allows Booting any Image even the Bootloader is Locked

Supply Chain Attack Prevention

SIEM as a Service

Follow Us on Google News

A critical OnePlus 6 vulnerability discovered that could allow booting the phone with a modified image and can get administrator privileges even if the bootloader is completely locked and in secure mode.

This OnePlus 6 Vulnerability discovered by Jason Donenfeld of Edge Security, according to the researcher the vulnerability could be exploited by the attacker if they physical access to a OnePlus 6 device.

A bootloader manages and executes the boot sequence, it ensures that you are loading with the genuine software. It is an encrypted security measure and all the Android phones shipped with a locked bootloader.

Need Physical Access to Exploit OnePlus 6 Vulnerability

Jason published a live video demonstration of how an attacker can get a malicious image using the ADB tool’s fastboot command if they have physical access to the device.

All the attacker needs are to do reboot the mobile device in Fastboot mode and by connecting the device to the computer an attacker can download the modified image to the device.

Android police confirm this OnePlus 6 Vulnerability present on the OnePlus 6 and it could give the attacker a full control over the device.

Oneplus has officially acknowledged the bootloader vulnerability, saying that the fix will be rolled out soon.

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

This is not the first time OnePlus users under risk, in last November a Remote code Exploitation Found in OnePlus devices that allow hackers can run an arbitrary code on vulnerable OnePlus Mobile Phones.

According to reports, OxygenOS 5.1.6 still includes the hack-friendly bootloader, so a patch might be included in OxygenOS 5.1.7.

Also Read:

OnePlus Website Hacked and Attackers Stolen Many Customers Credit Card Details

OnePlus Phones comes with Pre-installed Backdoor that Provides Root Access to the Device

Critical Vulnerability with OnePlus devices allows Remote Exploitation

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

CVE/vulnerability

Sante PACS Server Flaws Allow Remote Attackers to Download Arbitrary Files

Recently, several critical vulnerabilities were discovered in Sante PACS Server version 4.1.0, leaving it...
Cyber Security News

Attackers Hide Malicious Word Files Inside PDFs to Evade Detection

A newly identified cybersecurity threat involves attackers embedding malicious Word files within PDFs to...
Cyber Attack

US Sperm Donor Giant California Cryobank Hit by Data Breach

California Cryobank, a leading sperm donation facility based in Los Angeles, has been impacted...
Cyber Security News

Cloudflare Introduces Cloudforce One to Detect and Analyze IoCs, IPs, and Domains

Cloudflare, a leading web infrastructure and security company, has launched the Cloudforce One threat...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

Register Now

More like this

CVE/vulnerability

Sante PACS Server Flaws Allow Remote Attackers to Download Arbitrary Files

Recently, several critical vulnerabilities were discovered in Sante PACS Server version 4.1.0, leaving it...
cyber security

Hackers Exploit Cobalt Strike, SQLMap, and Other Tools to Target Web Applications

A recent cybersecurity incident has highlighted the sophisticated methods used by hackers to target...
cyber security

Severe AMI BMC Vulnerability Enables Remote Authentication Bypass by Attackers

A critical vulnerability has been discovered in AMI's MegaRAC software, which is used in...

GBHackers on Security is a top cybersecurity news platform, delivering up-to-date coverage on breaches, emerging threats, malware, vulnerabilities, and global cyber incidents.

Company

Trending

Categories

Copyright @ 2016 - 2025 GBHackers On Security - All Rights Reserved