Many OnePlus Devices Have Major SMS Vulnerability, and Fix Won’t Arrive Until October

OnePlus smartphone users face a critical security threat as millions of devices remain vulnerable to a major SMS security flaw that allows malicious apps to access text messages and bypass two-factor authentication. While OnePlus has acknowledged the issue, the security patch won’t arrive until mid-October, leaving users exposed for several more weeks.

Critical SMS Security Flaw Affects Millions of OnePlus Users

If you’re using a OnePlus smartphone running OxygenOS 12, 14, or 15, cybersecurity experts are urging immediate protective action. The vulnerability, discovered by cybersecurity firm Rapid7, ranks among the most serious Android security flaws of 2025.

Tracked as CVE-2025-10184, the flaw allows any installed app to read SMS and MMS data without permission, user interaction, or notification. Rapid7 warns, “This could lead to sensitive information disclosure and could effectively break the security provided by SMS-based Multi-Factor Authentication (MFA) checks.”

Understanding the SMS Vulnerability Impact

SMS remains a backbone for:

  • Banking alerts and verification codes

  • Social media account recovery

  • Corporate two-factor authentication

  • Healthcare notifications

  • Government alerts

When malicious apps intercept these messages, they bypass the security layer millions rely on daily—opening the door to account takeovers, financial fraud, and identity theft.

Confirmed Affected OnePlus Models and Versions

Rapid7’s testing confirmed the vulnerability on:

Device Model               | OxygenOS Version | Build Number
---------------------------+------------------+-------------------------
OnePlus 8T (KB2003)        | 12               | KB2003_11_C.33
OnePlus 10 Pro 5G (NE2213) | 14               | NE2213_14.0.0.700(EX01)
OnePlus 10 Pro 5G (NE2213) | 15               | Multiple builds affected

Security researchers believe all OnePlus devices on OxygenOS 12, 14, or 15 are at risk, impacting millions of handsets shipped since 2021. Devices on OxygenOS 11 (2020) remain unaffected.

Technical Root Cause and Company Response

OnePlus modified Android’s Telephony content provider when launching OxygenOS 12, adding providers without proper permission checks. This oversight created a permission bypass in a core Android component, enabling SQL-style access to SMS data.

Timeline of disclosure:

  • May 1, 2025: Rapid7 first contacted OnePlus

  • Sep 23, 2025: Public disclosure by Rapid7

  • Sep 24, 2025: OnePlus acknowledged the flaw

Rapid7 noted restrictive NDA terms forced a public disclosure. OnePlus told 9to5Google: “We acknowledge CVE-2025-10184 and have implemented a fix, rolling out globally via software update from mid-October. We remain committed to protecting customer data.”

Immediate Protection Steps

1. App Management

  • Install only from trusted sources (Google Play Store)

  • Remove non-essential apps and review recent installs

  • Avoid sideloading APKs from unknown sources

2. Two-Factor Authentication Security

  • Switch from SMS MFA to authenticator apps (Google Authenticator, Authy)

  • Update banking, email, and social media accounts to app-based 2FA

  • Disable SMS backup codes where possible

3. Communication Security

  • Migrate to encrypted messaging (WhatsApp, Signal)

  • Avoid sending sensitive information via SMS

  • Use in-app or email notifications instead of SMS alerts

What to Expect from the October Fix

OnePlus confirms the patch will begin rolling out globally in mid-October 2025, with:

  • Gradual rollout starting around Oct 15

  • Regional deployment prioritizing major markets

  • Automatic system-update notifications

  • Build-number indicators confirming patch installation

Check Settings → System → Software update regularly and install the update as soon as it is available.

Conclusion: Taking SMS Security Seriously

The OnePlus SMS vulnerability underscores the need for constant vigilance by manufacturers and users alike. Until the October patch arrives, follow the protective measures above to safeguard your data. This incident also reinforces the shift away from SMS-based authentication toward more secure methods. Stay alert, stay protected, and watch for OnePlus’s global update in mid-October.