How to fix OnePlus 6 Bootloader Vulnerability


OnePlus is making its way to upwards in the list of the most popular smartphone manufacturers. The company is not far away from being one of the top smartphone makers. Every time OnePlus takes off, an issue comes up to pull it down. We saw almost every smartphone from the Chinese phone maker suffering through an issue. Their new phone, the OnePlus 6 has also encountered an issue, and it’s a very serious issue. The OnePlus 6 has a loophole in its bootloader which can result in data compromise.

The bootloader vulnerability in the OnePlus 6 allowed hackers and attackers to perform an illegal operation on the phone without unlocking the bootloader. Usually, the bootloader of an Android phone is locked. To perform any custom operation, users have to unlock the bootloader which the company allows only when the user is taking responsibility for the entire risk. The case, however, with the OnePlus 6 was different. Anyone who intended to carry a custom operation did not need to unlock the bootloader from scratch. This can allow anyone with bad intentions to access your private data, credit card information stored on the phone, contacts, pictures and anything else that’s there on your OnePlus 6.

OnePlus was quick enough to admit that the issue was real. The company promised to come up with a fix. Thankfully, this was a software issue and not the hardware issue. As of today, the company has already rolled out a fix. OnePlus 6 users can now protect their phones from this bootloader flaw. All it takes is the installation of a new update released by OnePlus 6.

Here is the official statement of OnePlus on the issue:

We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.

OnePlus released the OxygenOS 5.1.7 update. The new update fixes a couple of other issues. Other than the bootloader vulnerability, OnePlus 6 owners reported problems while they were trying to schedule the Do Not Disturb mode. This bug has also been fixed in the OxygenOS 5.1.7 update. Let’s take a look at the steps to install OxygenOS 5.1.7. Installing this update will fix OnePlus 6 Bootloader Vulnerability.

Note: After OxygenOS 5.1.7, OnePlus has released the OxygenOS 5.1.8 as well. So if your phone is running on OxygenOS 5.1.6 or 5.1.7, you can directly install the 5.1.8 now. OxygenOS 5.1.8 also includes a fix for the OnePlus 6 bootloader vulnerability. Follow the steps to fix OnePlus 6 Bootloader flaw.

How to fix OnePlus 6 Bootloader Vulnerability

Method#1: Install OxygenOS 5.1.8 via OTA

  1. On your OnePlus 6, go to Settings > System Updates.
  2. Tap “CHECK FOR UPDATES” button located at bottom-right.
  3. Your phone will now check for updates, if it’s not already running on OOS 5.1.8, it will tell you to update the phone.
  4. Update now and the bootloader bug will be fixed.

Method#2: Install OxygenOS 5.1.8 via ZIP file

  1. Download OxygenOS 5.1.8 zip file. OxygenOS 5.1.6 to 5.1.8 | OxygenOS 5.1.7 to 5.1.8 
  2. Copy the file to the root of your internal storage.
  3. On your phone, go to Settings > System Updates.
  4. Tap the small gear icon on the top right > Local upgrade.
  5. It will find the OxygenOS 5.1.8 file. Select the file.
  6. The installation will take a few minutes. Once done, your phone will be free of the bootloader flaw.
Usama is a software engineer by profession and at he uses his expertise to solve everyday consumer tech problems with his main areas of interest being Android, iOS and Windows.

Got a question/query or a suggestion? Drop it below.