OnePlus to push out OTA for OnePlus 3/3T Bootloader vulnerability

The OnePlus 3 and the OnePlus 3T are probably among the best phones money can buy right now. OnePlus has also been pushing out the OxygenOS 4.0 Nougat update to the OnePlus 3/3T. But as with all software, bugs and exploits are bound to exist. Roee Hay of the IBM X-Force Application Security Research Team recently discovered that the SELinux state on the device can be manipulated simply by toggling it in the bootloader. All the attacker needs is physical access to the device.


SELinux (Security-Enhanced Linux) is a kernel security module that enforces mandatory access control policies. It was introduced in Android 4.3 Jelly Bean and has defaulted to Enforcing mode since Android 4.4 KitKat. It acts as a hurdle for malicious applications attempting to gain unauthorized control over the device, such as an app trying to obtain root access.

The vulnerability is pretty simple to exploit. All one needs to do is reboot the device to bootloader/fastboot mode and issue the command fastboot oem selinux permissive through the adb interface. The OnePlus 3/3T also lacks the SELinux Status section that devices normally show in the About Phone menu. This leaves the user unaware of the security status of their device, adding more risk.
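Because the phone does not display its SELinux status, the state has to be read over adb. The script below is an added example, not part of the original article or OnePlus tooling. It assumes the bootloader setting reaches Android as the androidboot.selinux kernel parameter, which init exposes as the ro.boot.selinux property (the article does not describe the mechanism); the function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): report SELinux posture.
# Assumption: the bootloader setting reaches Android as the kernel parameter
# androidboot.selinux, which init exposes as the property ro.boot.selinux.

# classify_selinux MODE BOOTPROP
#   MODE     - output of `getenforce` (Enforcing / Permissive / Disabled)
#   BOOTPROP - value of ro.boot.selinux (empty when the bootloader set nothing)
# Prints one verdict: OK, WARN_BOOT_OVERRIDE, FAIL_PERMISSIVE, FAIL_DISABLED, UNKNOWN
classify_selinux() {
    mode=$(printf '%s' "$1" | tr -d ' \r\n' | tr '[:upper:]' '[:lower:]')
    boot=$(printf '%s' "$2" | tr -d ' \r\n' | tr '[:upper:]' '[:lower:]')
    case $mode in
        enforcing)
            # Enforcing now, but the bootloader asked for permissive: the build
            # ignored the request, so the bootloader setting was still changed.
            if [ "$boot" = permissive ]; then echo WARN_BOOT_OVERRIDE; else echo OK; fi ;;
        permissive) echo FAIL_PERMISSIVE ;;
        disabled)   echo FAIL_DISABLED ;;
        *)          echo UNKNOWN ;;   # adb missing, no device, or unexpected output
    esac
}

# Query the attached device over adb (booted Android, USB debugging enabled).
check_device() {
    classify_selinux "$(adb shell getenforce 2>/dev/null)" \
                     "$(adb shell getprop ro.boot.selinux 2>/dev/null)"
}

if [ "${1:-}" = "--device" ]; then
    check_device
else
    # Constructed sample readings: "getenforce output|ro.boot.selinux value".
    for sample in "Enforcing|" "Permissive|permissive" "Enforcing|permissive" "|"; do
        printf '%-24s -> %s\n' "[$sample]" \
            "$(classify_selinux "${sample%%|*}" "${sample#*|}")"
    done
fi
```

Run it with --device to query a connected phone; any verdict other than OK after the OTA is installed means the device should be re-checked.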

Fortunately, OnePlus has acknowledged this issue and has assured that the vulnerability will be patched in the next OTA Update for the OnePlus 3 and OnePlus 3T.

NOTE: We DO NOT RECOMMEND trying out this exploit. This could open up major vulnerabilities on your device.

Via: XDA