21 matches found
EUVD-2017-14721
Malware in sbrugna...
EUVD-2017-14722
Malware in sbrugna...
EUVD-2017-14723
Malware in sbrugna...
OnePlus 3/3T OxygenOS Unauthorized Flash Dumping via fastboot(CVE-2017-5625)
Products OnePlus 3T OnePlus 3 Vulnerable Version OxygenOS 4.0.2 and earlier Mitigation Install OxygenOS 4.0.3 or later Summary A physical attacker, PC malware / malicious charger having ADB or fastboot access to the device can cause a locked bootloader to partially dump the content of an arbitrar...
CVE-2017-5625
In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized attacker can cause a locked bootloader to partially dump the ciphertext content of an arbitrary partition except 'keystore' by issuing the 'fastboot oem dump ' fastboot command...
OnePlus 3/3T open up an ADB session without authorization (CVE-2017-5622)
Last month we published CVE-2017-5626 patched in OxygenOS 4.0.2, a vulnerability which allowed attackers to effectively unlock a OnePlus 3/3T device without a factory reset. Combining this with our also discovered CVE-2017-5624 patched in OxygenOS 4.0.3 enabled a powerful attack against locked...
CVE-2017-5622
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other...
Authorization
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other...
CVE-2017-5622
CVE-2017-5622 (OnePlus 3/3T, OxygenOS prior to 4.0.3) describes a vulnerability where a charger connected to a powered‑off device enables adbd, allowing an attacker to open an ADB session without user authorization. The linked sources explain that OnePlus customized adbd to bypass ADB authorizati...
Command injection
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
CVE-2017-5623
An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T devices. The attacker can change the bootmode of the device by issuing the 'fastboot oem bootmode rf/wlan/ftm/normal command' in contradiction to the threat model of Android where the bootloader MUST NOT allow any...
Privilege escalation
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5624
An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...
CVE-2017-5626
OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...
OnePlus 3/3T Bypassing the Bootloader’s Lock (CVE-2017-5626)
Bypassing the Bootloader’s Lock CVE-2017-5626 OnePlus 3 & 3T running OxygenOS 3.2 - 4.0.1 had two proprietary fastboot oem commands: 1. fastboot oem 4F500301 – bypasses the bootloader’s lock – allowing one with fastboot access to effectively unlock the device, disregarding OEM Unlocking, without...
OnePlus 3/3T: Bootloader disable dm-verity Vulnerability (CVE-2017-5624)
CVE-2017-5624, affecting all versions of OxygenOS to date, allows the attacker to disable dm-verity. The combination of the vulnerabilities enables a powerful attack – persistent highly privileged code execution without any warning to the user and with access to the original user’s data after the...
Authentication flaw
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...
CVE-2017-5554
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...
CVE-2017-5554
An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2. The attacker can reboot the device into the fastboot mode, which could be done without any authentication. A physical attacker can press the "Volume Up" button during device boot, where an attacker with ADB access can iss...