If you own a OnePlus phone, there's something you should know: a serious vulnerability could let sneaky apps read your text messages without you even knowing. It's like someone peeking over your shoulder without permission. Cybersecurity experts at Rapid7 discovered this flaw, and it affects a bunch of OnePlus phones running different versions of Oxygen OS. I think that this situation is very serious, because our phones contains lots of private information and is commonly used for 2FA.

This issue, known as CVE-2025-10184, lets malicious apps access your SMS and MMS data without your consent. Imagine someone reading your private conversations or intercepting those security codes you get via text. It's not a pretty picture.

Rapid7 confirmed the vulnerability on the OnePlus 8T and OnePlus 10 Pro, but they warn that other OnePlus devices running Oxygen OS 12, 14, and 15 could also be at risk. Since it affects a core Android component, the impact could be significant.

OnePlus has acknowledged the problem and says a fix is coming in October. However, until then, if you're using OxygenOS 12 or newer, you're vulnerable. I think that the fix is taking to long.

What You Can Do

Until the update arrives, be careful about installing apps from unknown sources. It's like avoiding suspicious-looking strangers – better safe than sorry. It’s frustrating when these vulnerabilities pop up, but staying informed and cautious can help protect your personal information.