Thursday, May 11, 2017

Critical Vulnerability with OnePlus devices allows Remote Exploitation

Security specialists from Alephsecurity found new insignificant vulnerabilities (CVE-2017-5948, CVE-2017-8850, CVE-2017-8851, CVE-2016-10370) on OnePlus One/X/2/3/3T OxygenOS and HydrogenOS.
The vulnerabilities affect the most recent versions (4.1.3/3.0) and below.
With these vulnerabilities, an attacker can carry out a MitM attack and insert themselves into the OTA (update) process. By doing this they can downgrade the OS, and can even replace OxygenOS with HydrogenOS, without a factory reset.
This vulnerability was reported to OnePlus Security on January 26, 2017, by Roee Hay from Aleph Research.
