OnePlus devices are the holy grail for fans of unlocked phones, open for tinkering. But apparently OxygenOS versions were more open than they need to be. A security researcher found out that OxygenOS 3.2 through 4.0.1 has a vulnerability that lets anyone with two native fastboot commands to disable the verified boot feature without actually unlocking the bootloader with the user-accessible command. This means a malicious code could be run without even resetting the user data. OnePlus 3 was upgraded to 4.0.2 and the Shenzhen-based company says it patched the vulnerability. It also...
Source: http://www.gsmarena.com/vulnerabilities_found_in_oneplus_3_and_3t_with_older_oxygenos-news-23329.php
