Jason Donenfeld, president of Edge Security LLC and known on XDA as zx2c4, has discovered a vulnerability in the OnePlus 6 that allows booting an arbitrary modified image, bypassing bootloader protection measures (such as a locked bootloader).
Exploiting this vulnerability requires physical access to the device.
— Edge Security (@EdgeSecurity) 9 June 2018
This vulnerability allows an attacker with physical access and a tethered connection to a PC to take control of the device. If the boot image is modified to enable insecure ADB and to run ADB as root by default, an attacker with physical access will have total control over the device.
In a statement, OnePlus says:
We take security seriously at OnePlus. We are in contact with the security researcher, and a software update will be rolling out shortly.
Story via – https://www.xda-developers.com