Skip to content

Archive for

5
Apr

The Android April 2 security patch is live – here are the details you need to know


nexus-5x-black-back-angle.jpg?itok=n8W3U

The Android security patch dated April 2, 2016 is up and running — factory images are available and code is being updated.

Google has released the details surrounding the April 2 security patch for Android, completely mitigating issues described in a bulletin several weeks ago as well as a slew or other critical and moderate issues. This one is a bit different from previous bulletins, with special attention paid to a privilege escalation vulnerability in versions 3.4, 3.10 and 3.14 of the Linux kernel used in Android. We’ll discuss that further down the page. In the meantime, here’s the breakdown of what you need to know about this month’s patch.

Updated firmware images are now available for currently supported Nexus devices on the Google Developer site. The Android Open Source Project has these changes rolling out to the relevant branches now, and everything will be complete and synchronized within 48 hours. Over the air updates are in progress for currently supported Nexus phones and tablets, and will follow the standard Google rollout procedure — it may take a week or two to get to your Nexus. All partners — that means the people who built your phone, regardless of brand — have had access to these fixes as of March 16 2016, and they will announce and patch devices on their own individual schedules.

The most severe issue addressed is a vulnerability that could allow remote code execution when processing media files. These files can be sent to your phone by any means — email, web browsing MMS or instant messaging. Other critical issues patched are specific to the DHCP client, Qualcomm’s Performance Module and RF driver. These exploits could allow code to run that permanently compromises the device firmware, forcing the end user to need to re-flash the full operating system — if “platform and service mitigations are disabled for development proposes.” That’s security-nerd speak for allowing apps from unknown sources to be installed and/or allowing OEM unlocking.

Other vulnerabilities patched also include methods to bypass Factory Reset Protection, issues that could be exploited to allow denial of service attacks, and issues that allow code execution on devices with root. IT professionals will be happy to also see mail and ActiveSync issues that could allow access to “sensitive” information patched in this update.

As always, Google also reminds us that there have been no reports of users being affected by these issues, and they have a recommended procedure to help prevent devices from falling victim to these and future issues:

  • Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
  • The Android Security team is actively monitoring for abuse with Verify Apps and SafetyNet, which will warn the user about detected potentially harmful applications about to be installed. Device rooting tools are prohibited within Google Play. To protect users who install applications from outside of Google Play, Verify Apps is enabled by default and will warn users about known rooting applications. Verify Apps attempts to identify and block installation of known malicious applications that exploit a privilege escalation vulnerability. If such an application has already been installed, Verify Apps will notify the user and attempt to remove any such applications.
  • As appropriate, Google Hangouts and Messenger applications do not automatically pass media to processes such as mediaserver.

Regarding issues mentioned in the previous bulletin

nexus-update.jpg?itok=kceaQD2w

On March 18, 2016 Google issued a separate supplemental security bulletin about issues in the Linux kernel used on many Android phones and tablets. It was demonstrated that an exploit in versions 3.4, 3.10 and 3.14 of the Linux kernel used in Android allowed devices to be permanently compromised — rooted, in other words — and affected phones and other devices would require a re-flash of the operating system to recover. Because an application was able to demonstrate this exploit, a mid-month bulletin was released. Google also mentioned that Nexus devices would receive a patch “within a few days.” That patch never materialized, and Google makes no mention of why in the latest security bulletin.

The issue — CVE-2015-1805 — has been patched completely in the April 2, 2016 security update. AOSP branches for Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, and 6.0.1 have received this patch, and the rollout to the source is in progress.

Google also mentions that devices that may have received a patch dated April 1, 2016 have not been patched against this particular exploit, and only Android devices with a patch level dated April 2, 2016 or later are current.

The update sent to the Verizon Galaxy S6 and Galaxy S6 edge is dated April 2, 2016 and does contain these fixes.

The update sent to the T-Mobile Galaxy S7 and Galaxy S7 edge is dated April 2, 2016 and does contain these fixes.

Build AAE298 for unlocked BlackBerry Priv phones is dated April 2, 2016 and does contain these fixes. It was released in late March, 2016.

Phones running a 3.18 kernel version are unaffected by this particular issue, but still require the patches for other issues addressed in the April 2, 2016 patch.

rc.imgrc.imgrc.imga2.imga2t.imgmf.gif

5
Apr

April security patch now available for the BlackBerry Priv


priv-update-march.jpg?itok=_MiWJ2Ms

The April security patches are now available for BlackBerry Priv owners. Those who purchased their phones from ShopBlackBerry may have already received the update on March 23, but now more carriers are pushing it. This update patches the latest round of vulnerabilities that Google discovered, keeping your phone even more secure.

BlackBerry has posted additional details about the update as well if you wish to check those out. To check your phone for an update, head into the Settings, About phone and check for update. Be sure to let us know in the comments once you’ve received it.

rc.imgrc.imgrc.imga2.imga2t.imgmf.gif

5
Apr

The Best in-ear headphones


earphones-ugly-beard-guy.jpg?itok=H3GLqe

Our editors share their picks for the best in-ear headphones available today!

Choosing a pair of in-ear headphones is tough. We all have different tastes, budgets, and needs. So we rounded up a group of people used to making tough choices — our Mobile Nations editors. They’ve shared the in-ear headphones they’re using and, more importantly, why!

Phil Nickinson – Bose QuietComfort 20 Acoustic Noise Cancelling Headphones

phil-gearbag-2016-5.jpg?itok=PxUPNnnT

If you spend any amount of time on airplanes, you need noise-canceling headphones. And the QC20 from Bose will change your life. It’s active noise-cancellation, which means there’s a small, thin box toward the bottom of the cable that houses the battery and electronics. It’s a little clunky, but that’s the price of admission.

It also has to be charged periodically — I’ve only ever done it before a big trip, and maybe before heading home, if it’s going to be a particularly long flight. But it charges over microUSB, so that’s easy enough.

The result is night and day. Music no longer has to be turned up dangerously loud. Voices are easy to understand. Engine noise all but disappears. It’s actually almost disorienting at first. But you’ll soon find you can’t live without it. And I haven’ even mentioned the sound quality. (It’s Bose. It’s good.) Priced at around $299, these aren’t cheap headphones, but they’re excellent. I don’t fly anywhere without them.

See at Amazon

Daniel Bader – RHA T10i

rha-t10i-headphones.jpg?itok=KUBO5O4R

RHA is a relatively unknown company, but it makes high-quality in-ear headphones with extremely good sound quality and enviable designs.

The T10i was, until early 2016, the company’s flagship in-ear monitors, featuring flat (but customizable) sound characteristics (via replaceable filters, emphasizing treble, bass, etc.), and easy-to-mould over-ear hooks for comfortable wear.

Though expensive at just under $200, the T10i’s come with multiple ear tips in both silicone and memory foam, and have a long warranty in case anything happens to them.

See at Amazon

Daniel Rubino – Bose SoundSport In-Ear Headphones

bose-green-fixed.jpg?itok=lbLHoufO

I use them for exercising as I do not have to recharge them (problem with wireless). They look good, are super comfortable, and have excellent sound quality. I have the Microsoft ‘green’ ones as they stand out and I can easily find them in my gym bag.

See at Amazon

Richard Devine – RHA T10

rha-t10-1.jpg?itok=k2ntKmGG

The slightly less expensive companion to the T10i, the main difference to the T10 is the lack of an in-line remote. Otherwise they’re the exact same earbuds with great sound and the ability to swap out the filters in the middle to add more bass or more treble as you so desire. The sheer multitude of different sized tips included in the pack as well means you’re sure of getting a good fit, even with odd ears like mine.

The T10s are so comfortable it’s ridiculous. I wore these almost completely straight through a 13 hour flight with no discomfort whatsoever. There is an element of passive noise cancellation, so noisy plane engines aren’t totally going to drive you mad, but active cancelling is about all I wish these phenomenally good earbuds had.

They’re not cheap, but they’re absolutely worth the money. A blend of sheer comfort and great sound quality means they’d be tough to replace for me.

See at Amazon

Mike Tanasychuk – Apple Earpods

apple_earpods_hero.jpg?itok=qKOPAJe5

For in-ear headphones that just come with a device (iPod or iPhone), they have to be some of the best-sounding headphones I’ve ever used.

The bass tones are very rich and warm and the mid and highs are balanced really well. All levels sing out nicely and it’s really easy to hear harmonies and to separate tracks. Whenever I’m trying to learn a drum or guitar part, these headphones more than do the trick. They may not be much for noise cancelling, but I’ve never had any decline in audio quality because I’ve cranked ’em.

They also seem to last the longest out of any in-ear headphones I’ve used. The plastic doesn’t feel cheap; the rubber cord is formidable and won’t tear (at least, it hasn’t for me); I can usually get a couple years out of a pair.

See at Amazon

DJ Reyes – BlackBerry Premium Headset WS-410

blackberry-premium-headphones.jpg?itok=M

I prefer in-ear headphones rather than over-the-ear ones for travelling because they’re easier to carry around and slip into a pocket. I’ve tried many over the years but there’s one that beats all others – the BlackBerry Premium Headset.

They’re the ones that come in the BlackBerry 10 device boxes. I use them not so much for the sound quality, which is good enough for me still. Not for the noise cancelling function because it doesn’t have that feature but because they fit and don’t fall out of my ear. They fit securely in my ear, in-part thanks to wing-hoop on the ear piece that helps to secure it in place. On top of that, these headphones are not the kind that have to go into my ear canal. Even with those wing tips that come with other in-ear headphones, they never fit in my ear, no matter what size piece I use. Perhaps I’m wearing them wrong but I’ve never really got on well with the ones that have to go into the ear canal, those always pop out.

The in-line microphone and one-touch button comes in handy when I need to take a phone call and the flat wire design means I don’t have to spend time untangling them when I want to use them. I may upgrade to the slightly better model which includes volume keys but for now this WS-410 model suits me just fine.

See at Amazon

Michael Fisher – HTC Active Earbuds

htc-rc-e250-headset-yellow-2-gallery.png

A design that’s dust- and water-resistant (and therefore pocket- and sweat-resistant). Textured metal housings and eye-catching yellow trim. A three-button control collective for music and phone calls. And the buds magically come together when brought back to back thanks to the power of magnets.

It’s tough to make earbuds stand out in 2016, but HTC does it with the Active Headset. Toss in respectable sound quality, a comfy in-ear feel and a reasonable price point, and you’d be hard-pressed to find a better set of buds for your rainy-day hiking trips.

See at Amazon

rc.imgrc.imgrc.imga2.imga2t.imgmf.gif

5
Apr

Android Auto expands to 18 new countries, plus Puerto Rico


nexus-5x-android-auto.jpg?itok=KoeovhvC

More people around the world will be able to start experiencing Android Auto, as the feature is now available in many more countries across the globe. In all, Android Auto has expanded to a total of 18 new countries (and one territory, for good measure) across Latin America, Europe and elsewhere, including:

  • Argentina
  • Austria
  • Bolivia
  • Brazil
  • Chile
  • Colombia
  • Costa Rica
  • Dominican Republic
  • Ecuador
  • Guatemala
  • India
  • Panama
  • Paraguay
  • Peru
  • Puerto Rico
  • Russia
  • Switzerland
  • Uruguay
  • Venezuela

If you call one of the above home and your car is sporting Android Auto, you should be able to start taking advantage of the feature right away.

rc.imgrc.imgrc.imga2.imga2t.imgmf.gif

5
Apr

HTC Vive is the VR system that has won your hearts


htc-vive-consumer-22.jpg?itok=MDVjgxkY

In last week’s poll we asked which VR system you are the most excited about. There are options out there whether you’re interested in VR on your computer, your video game console, or even your phone. With this much variety involved, we wanted to know where your interest in pointed. Of all the VR systems out there, the HTC Vive seems to be the one that caught your eye.

poll-followup-htc-vive-wins-at-vr.jpeg?i

The HTC Vive slid into first place with a solid 24 percent of the vote. Just behind it, in second place with 21 percent of the vote, was “I’m not that interested in VR right now”. The Gear VR took a solid third place with 18 percent of the vote. Playstation VR managed to snag a solid 16 percent of the vote, letting it coast easily into third place. The Oculus Rift snagged 13 percent of the vote to take fifth place in our poll, and “I haven’t decided yet” picked up 9 percent of the vote landing it in last place. While the HTC Vive took 24 percent of the poll landing in first place, it’s also worth pointing out that 30 percent of you are either uninterested in VR, or still trying to decide on the best system for you.

Did your favorite system win out in our poll? Are you vibrating with excitement about the HTC Vive? Let us know all about it in the comments!

rc.imgrc.imgrc.imga2.imga2t.imgmf.gif

5
Apr

Amazon says a new ‘top of the line’ Kindle is coming next week


A new Kindle is coming.

Amazon, the company that makes the Kindle-brand of e-readers and tablets, has announced it will introduce a “top of the line” Kindle sometime next week. Jeff Bezos, the chief executive of Amazon, revealed the news on Twitter, explaining the upcoming model will be a new, eighth-generation of Kindle products. The Kindle Voyage, which released in October 2014, leads the seventh generation of Kindle devices.

The Voyage is a 6-inch slate with an E-Ink display. We currently have no detailes about the eighth-generation Kindle, including whether it is an update to the Voyage or something altogether different, but Bezos said it is “almost ready”. Amazon typically releases new products as soon as they’re announced, so we can assume this new Kindle will be available to order through Amazon next week, alongside its unveiling.

Heads up readers – all-new, top of the line Kindle almost ready. 8th generation. Details next week.

— Jeff Bezos (@JeffBezos) April 4, 2016

Amazon has been making some progress in its hardware department as of late. After launching the ill-fated Fire Phone a few years ago, it faced a lot of criticism over how it is spending money as well as investing time and resources into developing its own hardware products, but the Kindle line has consistently been a good hit for the company. Also, Amazon has found more recent success and critical acclaim with Echo.

Echo is a Bluetooth-connected speaker that Amazon makes and sells. It’s loaded with a personal-assistant feature called Alexa and serves as a direct portal to Amazon.com, as customers can use Echo to order new products through the site. In fact, many of Amazon’s devices are designed with the Amazon.com retail experience in mind. Amazon basically uses them to funnel goods to its customers.

It’s therefore no surprise to see Amazon is eager to update Kindle, as people can use the device to not only order physical goods from Amazon.com but also to buy digital things like Kindle books or Audible audiobooks. Some Kindles even serve up adverts to users.

Stay tuned to Pocket-lint’s Amazon hub during the next week for breaking news from the company.

5
Apr

Pebble brings text replies to iOS users on Verizon


Back in November, Pebble unveiled a Text Reply feature for iOS, finally letting iPhone users respond to incoming text messages on their Pebble smartwatch with a voice note or a canned text response (Custom messages were enabled in February). Unfortunately, the feature was only available for those on AT&T. Now, however, iPhone users on Verizon can enjoy the same benefit as well, thanks to a new Version 3.11 update. The Text Reply feature is available for all Pebble watches, though voice reply is restricted to just the Time models.

The update brings a number of other improvements as well. Sleep-tracking now promises to be more accurate, with added support for daytime naps that are longer than an hour. There’s also a new snooze feature that’ll bring up timeline alerts a little closer to the start time of an event. Those aforementioned Time-series smartwatches will also get more vibration patterns to choose from.

Last but not least, the Pebble app itself is getting a name change. The “Pebble Time” app is now “Pebble” while the old Pebble app will now be “Pebble OLD VERSION.” According to the company, this is to indicate that all Pebble smartwatches will be able to run firmware 3.0 and up, not just the latest Time models. To get the latest update, head on over to the Google Play or the Apple App Store; it should be there starting today.

5
Apr

Outlook Premium gives you custom email addresses for $3.99 per month


News of a planned premium version of Microsoft’s Outlook email platform broke a couple of months back, but at the time it was merely described as a pilot program. Thanks to a landing page discovered by Paul Thurrott, we know now Microsoft’s subscription-based service will cost users $3.99 per month. For the price, Outlook.com Premium will give users an ad-free inbox, better calendar sharing and the ability to choose up to five custom email address domains. So if you’re a fan of Outlook, but not so down with an outlook.com or hotmail.com email address, this could cure what ails you.

Microsoft’s making the first year of the service, which is invite-only for now (you can sign-up here), free for users. Though, it’s worth noting that any personalized email domains you create will not be automatically be renewed along with your Premium or Office 365 subscription. To maintain those addresses after that trial period, you’ll have to visit GoDaddy.com, Microsoft’s official partner for Outlook Premium.

Via: TechCrunch

Source: Thurrott

5
Apr

Court awards $20 million in YouTube channel dispute


YouTube channels can be tremendous things when everything goes according to plan, but things can get really, truly ugly when their creators disagree with each other. Brandon Keating and David “Ty” Moss have won both a $20 million award and controlling interest in a YouTube channel (VideoGames) after suing their former partners in the project, Brian Martin and Marko Princip. Allegedly, Martin and Princip committed fraud by reneging on a 2012 agreement that gave Keating and Moss partial control over and revenue from VideoGames’ videos. The defendants not only avoided making payments, according to the lawsuit, but kept the plaintiffs entirely out of the loop — at one point, Princip even handed control of the channel to a child without telling Keating or Moss what happened.

The lawsuit is unsurprisingly one-sided and should be taken with a grain of salt, but neither of the defendants have sterling online reputations. Princip has seen multiple channels banned for violating YouTube’s guidelines, and appears to have stopped producing for the site altogether. Martin, meanwhile, has been accused of paying for bots (to frame critics for cheating on video views) and creating channels after getting the boot.

One thing’s for sure: as YouTube has grown to include more professionally produced content, it’s also inheriting the bitter legal action that’s all too common in conventional media. There’s enough money at stake (VideoGames has over 3.3 million subscribers as of this post) that producers can get into fights over sums of money that would have been unthinkable several years ago.

Source: PacerMonitor, Victor Vital (Twitter)

5
Apr

Nest kills integration with Revolv’s smart devices


Google-owned Nest has announced that it will shut down all support for the Revolv smart home hub in May and many customers are up in arms over the news. That’s because, come middle of next month, Revolv’s $300 smart hubs will stop functioning completely. It’s not just that their API will no longer operate, the physical devices themselves will brick, according to a report from Business Insider.

Back in 2014, just nine months after Google purchased Nest, Nest itself bought out smart home hub maker Revolv in an acqui-hire deal. That is, they bought Revolv more for their employees than their products. The Revolv team was assigned to work on the “Works with Nest” API and it appears that they simply can no longer swing supporting the Revolv hub and developing the API at the same time. What’s more, Nest immediately stopped selling Revolv products as soon as it acquired the smaller company.

“We’re pouring all our energy into Works with Nest and are incredibly excited about what we’re making,” Revolv founders Tim Enwall and Mike Soucie wrote on the company’s website. “Unfortunately, that means we can’t allocate resources to Revolv anymore and we have to shut down the service.”

Nest has confirmed the shutdown. “Revolv was a great first step toward the connected home, but we believe that Works with Nest is a better solution and are allocating resources toward that program,” Nest rep Ivy Choi told Engadget. There’s no word on precisely how many customers will be affected by the shutdown, though a 2014 report from Re/Code suggests that only a “relatively small” number of people even bothered to download the Revolv app in the first place.

Via: Business Insider

Source: Revolv

« Older Entries
Newer Entries »