Owning a Locked OnePlus 3/3T: Bootloader Vulnerabilities
New Bootloader Vulnerabilities in OnePlus 3/3T – CVE-2017-5626 and CVE-2017-5624

In this blog post I disclose two vulnerabilities in the OnePlus 3/3T bootloader.

The first one, CVE-2017-5626, is a critical severity vulnerability affecting OxygenOS 3.2-4.0.1 (4.0.2 is patched). It allows a physical adversary (or one with ADB/fastboot access) to bypass the bootloader's lock state, even when Allow OEM Unlocking is disabled, without user confirmation and without triggering a factory reset. This yields kernel code execution, albeit with a 5-second warning upon boot.

The second vulnerability, CVE-2017-5624, affecting all versions of OxygenOS to date (Feb 10 UPDATE: OxygenOS 4.0.3, released Feb 09, seems to be patched), allows the attacker to disable dm-verity.

The combination of the two enables a powerful attack: persistent, highly privileged code execution without any warning to the user and with access to the original user's data (once the victim enters their credentials).

Both issues were responsibly disclosed to and acknowledged by OnePlus Security. The first vulnerability, CVE-2017-5626, was reported on January 23rd. It was also found independently by a OnePlus engineer.
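A quick triage script for the two issues, written as an added example and not part of the original post or of OnePlus' own tooling. It takes a `getprop`-style dump (one `[key]: [value]` line per property, as `adb shell getprop` prints it) and reports whether the installed OxygenOS build falls inside the affected ranges stated above (3.2 up to but excluding 4.0.2 for CVE-2017-5626; anything before 4.0.3 for CVE-2017-5624), and whether dm-verity is enforcing and the bootloader reports locked. The property names are assumptions: `ro.boot.veritymode` and `ro.boot.flash.locked` are standard Android boot properties, while `ro.oxygen.version` is assumed to carry the OxygenOS version on these devices. The embedded dump is constructed, not captured from a real handset; on a device you would feed it `adb shell getprop` instead.

```shell
#!/bin/sh
# Triage for CVE-2017-5626 / CVE-2017-5624 exposure from a getprop dump.
# Added example; version ranges follow the blog post, property names are assumptions.

# Compare two dotted version strings numerically (up to three fields).
# Prints -1, 0 or 1 for a<b, a==b, a>b. Missing fields count as 0.
version_cmp() {
    a="$1.0.0"; b="$2.0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -s -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -s -d. -f"$i"); y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
        i=$((i + 1))
    done
    echo 0
}

version_lt() { [ "$(version_cmp "$1" "$2")" = -1 ]; }
version_ge() { [ "$(version_cmp "$1" "$2")" != -1 ]; }

# CVE-2017-5626: bootloader lock-state bypass, OxygenOS 3.2-4.0.1 (4.0.2 patched).
cve_2017_5626_affected() {
    version_ge "$1" 3.2 && version_lt "$1" 4.0.2
}

# CVE-2017-5624: dm-verity disable, all OxygenOS before 4.0.3 (4.0.3 appears patched).
cve_2017_5624_affected() {
    version_lt "$1" 4.0.3
}

# Extract one property value from `adb shell getprop` output ("[key]: [value]" lines).
prop_get() {
    printf '%s\n' "$1" | sed -n "s/^\[$2\]: \[\(.*\)\]\$/\1/p"
}

# Summarise exposure: prints the findings on one line, or "none".
triage() {
    props="$1"
    ver=$(prop_get "$props" ro.oxygen.version)        # assumed OxygenOS version property
    verity=$(prop_get "$props" ro.boot.veritymode)    # enforcing / logging / disabled
    locked=$(prop_get "$props" ro.boot.flash.locked)  # 1 = bootloader locked
    findings=""
    if [ -z "$ver" ]; then
        findings="$findings version-unknown"
    else
        if cve_2017_5626_affected "$ver"; then findings="$findings CVE-2017-5626"; fi
        if cve_2017_5624_affected "$ver"; then findings="$findings CVE-2017-5624"; fi
    fi
    [ "$verity" = enforcing ] || findings="$findings dm-verity-not-enforcing"
    [ "$locked" = 1 ] || findings="$findings bootloader-unlocked"
    findings=${findings# }
    printf '%s\n' "${findings:-none}"
}

# Constructed sample dump (not from a real device): a locked 4.0.1 phone with verity on.
SAMPLE_PROPS='[ro.boot.flash.locked]: [1]
[ro.boot.veritymode]: [enforcing]
[ro.boot.verifiedbootstate]: [green]
[ro.oxygen.version]: [4.0.1]'

triage "$SAMPLE_PROPS"
```

Note that a locked bootloader with dm-verity enforcing is exactly the state CVE-2017-5626 lets an attacker bypass, so the version check is the decisive signal: a device in the affected range should be treated as unprotected by the lock regardless of what the properties say.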