Have you recently bought a OnePlus 6? Don't leave your phone unattended.
A serious vulnerability has been discovered in the OnePlus 6 bootloader that makes it possible for someone to boot arbitrary or modified images to take full admin control of your phone—even if the bootloader is locked.
A bootloader is part of the phone's built-in firmware, and locking it down stops users from replacing or modifying the phone's operating system with any uncertified third-party ROMs, ensuring the system boots into the correct operating system.
Discovered by security researcher Jason Donenfeld of Edge Security, the bootloader on the OnePlus 6 is not entirely locked, allowing anyone to flash any modified boot image onto the handset and take full control of your phone.
In a video demonstration, Donenfeld showed how it is possible for an attacker with physical access to a OnePlus 6 to boot any malicious image using the ADB tool’s fastboot command, giving the attacker complete control over the device and its contents.
As you can see in the video, even USB debugging does not need to be turned on, which is usually required for messing around with smartphones. All an attacker needs to do is plug the target’s OnePlus 6 into their computer with a cable, restart the phone into Fastboot mode, and transfer over the modified boot image.
For this, the attacker requires physical and unsupervised access to the targeted OnePlus 6 device for just a few minutes.
OnePlus has acknowledged the issue and promised to release a software update shortly, providing the following statement:
"We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly."
So until the fix is rolled out, do not let your OnePlus 6 out of your sight. We will update this article as soon as we get more information on the security patch, which might be included in OxygenOS 5.1.7.
This isn't the first time OnePlus has been caught in this situation. Late last year, a backdoor was discovered in OnePlus devices running OxygenOS that allowed anyone to obtain root access to the devices.