OnePlus devices are the holy grail for fans of unlocked phones, open for tinkering. But apparently OxygenOS versions were more open than they need to be.
A security researcher found out that OxygenOS 3.2 through 4.0.1 has a vulnerability that lets anyone with two native fastboot commands to disable the verified boot feature without actually unlocking the bootloader with the user-accessible command. This means a malicious code could be run without even resetting the user data.
OnePlus 3 was upgraded to 4.0.2 and the Shenzhen-based company says it patched the vulnerability. It also started handing out 4.0.3 to OnePlus 3T owners. It brings optimized exposure for night time photos and pre-installed Amazon Prime app for India users, along with various Wi-Fi fixes.