Core Insights - Rapid7 disclosed a critical security vulnerability in OnePlus's OxygenOS, identified as CVE-2025-10184, affecting versions 12 to 15 [2] - The vulnerability stems from improper permission settings during modifications to the Android system's underlying phone API, allowing malicious apps to read or send messages without user knowledge [2] - OnePlus has committed to rolling out security patches starting mid-October, despite researchers attempting to contact the company since May 2025 [2] Company Performance - OnePlus has seen a 31% year-on-year increase in total sales in the first half of 2025, ranking first among smartphone brands [2] - The company targets online users with high-performance needs, overlapping with Xiaomi's target demographic [3] Industry Context - System security and stability have become critical factors for users in an increasingly competitive market [3] - The vulnerability highlights the importance of proper permission settings in custom components, serving as a warning for other manufacturers [3]