Android Marshmallow

[Jorge-Vieira]

Android 6.0 will hit several Sony Xperias in the UK on March 7th

If you own a Sony Xperia device and live in the UK, listen up! Android 6.0 could be on its way to your device!
We just received confirmation that Sony will begin rolling out the Android 6.0 software update on March 7th to select Xperia devices in the UK. The devices getting it include the Xperia Z5, Xperia Z4 Tablet, and Xperia Z3+. It’s rare that Sony announces an exact day for a software release, but it’s good for us because we can plan ahead.
The update will roll out in waves so if you don’t receive it right when your alarm goes off, don’t panic. The update should come in at a hefty size considering all the new features, fixes, and implementations. These include simplified app permissions, Now On Tap, and doze, for saving battery when on standby. Make sure you connect to a Wi-Fi network prior to downloading and installing so you don’t exceed your monthly data allowance. Let’s hope the update hits more regions shortly thereafter.
Source: Talk Android

Noticia:
http://www.hardwareheaven.com/2016/0...-on-march-7th/

[Jorge-Vieira]

Synaptics' SentryPoint Security Suite Isolates Fingerprint Sensors From Host Processors

Synaptics, one of the leading companies in fingerprint sensors, announced the Natural ID FS4304, an “ultra-slim” capacitive fingerprint sensor. Synaptics sensors have been used in popular smartphones such as Samsung’s Galaxy S5 and Galaxy S6. Synaptics makes small fingerprint fingerprint readers that fit in tight spaces at the bottom of a smartphone’s screen or even on its side. The new sensor also seems to be targeted at the same tight areas.

Better, Not Bigger

The so-called Madrid Report, a university study funded by Next Biometrics (a Synaptics competitor), concluded that the bigger the area of the sensor, the more accurate it will be because the reader can pick up more data points from the fingerprint pattern.
This seems to make intuitive sense. However, Synaptics said that the study was oversimplifying how fingerprint readers can obtain high accuracy, noting that there are more factors in determining accuracy than the sensor’s area alone. Synaptics said that the design of the sensor array and the design of the end-product are also important, as is the software used in combination with the sensor.
Also, starting with Android 6.0, Google is requiring OEMs to use only fingerprint sensors that have a false acceptance rate no higher than 1 in 50,000. That means any future fingerprint sensors that will be seen on the market should be at least as good, obviating the size/performance debate to an extent.
SentryPoint Security Suite: Isolation From The Host Processor

Alongside the FS4304, Synaptics also announced an advanced anti-spoofing security suite called SentryPoint, which the company claimed is the “industry’s highest level of secure biometric fingerprint authentication.” Synaptics said that its software can make the difference between a spoofed fingerprint and a real finger. The company achieves this by checking for the fingerprint’s “liveness.”
Synaptics’ SentryPoint also delivers enrollment and match in the sensor itself, which means the sensor is fully isolated from the application processor. It also comes with a cryptographic engine on the chip, a unique key generation module, TLS1.2 encrypted secure communications to the host, and a FIDO UAF authenticator.

“Even if the host system is compromised by malware or other attacks, SentryPoint provides an added layer of protection for the user’s biometric data,” said Anthony Gioeli, vice president of marketing, Biometrics Product Division, Synaptics.

Synaptics’ Natural ID FS4304 sensor is already sampling, and it should be available in devices in Q3 this year. The company will be available at the Mobile World Congress next week for presentations to interested customers.

Noticia:
http://www.tomshardware.com/news/syn...ion,31217.html

[Jorge-Vieira]

Download Android 6.0.1 March Security Update – Factory Images

Google has now released March security patch for its Nexus devices. The new factory images are now live, and bring several important security fixes to the Nexus lineup. Based on Android 6.0.1 Marshmallow, no new features or improvements are expected from this build as the focus seems to be bug fixing.
Early Look at Android N: Missing App Drawer, Redesigned Notification Shade, Settings & More



Android 6.0.1 March security patch:

The Android March security release fixes about 16 security bugs discovered and patched by the Android and Chrome security team along with other independent researchers. Some of these exploits are rated critical with remote code execution ability through email, MMS, and web browsing. It is an important security update as the bugs range from moderate to critical in their severity rating. While Google claims that there are no reports of these exploits being used in the wild, users are recommended to update their Nexus devices to the latest firmware update as soon as they receive the over the air notification.

The most severe of these issues is a Critical security vulnerability that could enable remote code execution on an affected device through multiple methods such as email, web browsing, and MMS when processing media files.
Advertisements

It takes a few days until everyone on the Nexus lineup gets the OTA update. However, you can manually flash the firmware on your devices, using the factory images shared here:

• Pixel C
• Nexus 6P (will be shared when available)
• Nexus 5X
• Nexus 6
• Nexus Player
• Nexus 9 (LTE)
• Nexus 9 (WiFi)
• Nexus 5
• Nexus 7 2013 (WiFi)
• Nexus 7 2013

This month’s firmware update doesn’t bring any major features as its focus remains on fixing the bugs, improving security and enhancing the overall performance and stability of the operating system. We don’t recommend users to manually flash the firmware on their devices unless they are confident about the process. If you need help with the flashing process, you can go to this complete guide for the steps.

Noticia:
http://wccftech.com/download-android-marshmallow-march-security-update/#ixzz42FrWJrzs











Update and Root MMB29V Android 6.0.1 on Nexus Devices

Google has released March security updates for its Nexus devices fixing several security exploits in its mobile operating system. We have already shared with you the direct download links of March update. Following are the steps to flash MMB29V Android 6.0.1 on Nexus devices and root them on the latest firmware.

Prerequisites to update and root Nexus devices on Android 6.0.1 MMB29V:

• Create a backup of all important data on your Nexus device.
• Download and install USB drivers for Nexus in your computer.
• The Nexus bootloader should be unlocked.
• Enable USB debugging option by pressing Menu > Settings > Applications. Navigate and tap on Developer Options to ensure that USB Debugging is enabled.
• If you are going to root, make sure to have a custom recovery tool like CWM, or TWRP (download link).
• Ensure that your Nexus device carries more than 70% of charge.

Steps to update your Nexus devices to MMB29V Android 6.0.1:

Required files: Download the required file for your specific Nexus device from this link.
Step 1: Connect your Nexus device using a USB cable and turn it off.
Step 2: Now, start the device in Fastboot mode: Turn on the phone while pressing and holding the Volume Up + Volume Down + Power keys until you see the Fastboot menu and the START text on top.
Step 3: Extract the downloaded Android 6.0.1 file anywhere in your PC. Go to _MMB29V_ folder (the build number for your device) and copy/paste all the files to your Fastboot directory (which often is the platform-tools folder inside the Android SDK directory).
Step 4: This step involves flashing the desired factory image to your Nexus device. Open the folder containing the Android Marshmallow factory image downloaded and extracted. In the address bar, type cmd and type the command written below and press enter.

• On Windows: Run flash-all.bat
• On Mac: Run flash-all.sh using Terminal
• On Linux: Run flash-all.sh

Once the script finishes running, your Nexus device will reboot. First boot may take up to 5 minutes, so don’t be worried if it takes your device longer than usual to boot up.
Your device is now updated to the very latest MMB29V Android 6.0.1 Marshmallow. Once you are done, you can follow the instructions below to root your Nexus device on Android 6.0.1 Marshmallow.
How to root Nexus devices on MMB29V Android 6.0.1:

Required files: download Android SDK and install it. Set it up with platform-tools and USB drivers package in SDK. Download SuperSU v2.66 for Nexus on your PC. Also, download Fastboot from the following links, depending on your OS:

• Windows: Download
• Mac: Download
• Linux: Download

While the above links work for all the Nexus devices, following links are specific to the devices:
Advertisements

• Nexus 6P: TWRP 2.8.7.0. Save it to the android-sdk-windows\platform-tools directory on your computer.
• Nexus 5X: TWRP
• Nexus 6: Download TWRP 2.8.5.0
• Nexus 5: Download CWM 6.0.1.4.5
• Nexus 7 (2013): Download CWM
• Nexus 9: Download TWRP 2.8.7.0

Step 1: Extract the downloaded Fastboot file in android-sdk-windows\platform-tools directory on your PC. Create directory if not already there.
Step 2: Connect your Nexus device to your computer via USB.
Step 3: Copy and paste SuperSu file to your device’s SD card root folder.
Step 4: Turn your Nexus off.
Step 5: Enter the Bootloader mode: power your Nexus on while pressing and holding Volume Down + Power keys.
Step 6: Go to android-sdk-windows\platform-tools directory and open Command Prompt (Shift + Right-click > Open Command Prompt) and type the following command depending on your device:

• Nexus 6P: fastboot flash recovery twrp-2.8.7.0-angler.img
• Nexus 5X: fastboot flash recovery twrp-2.8.7.0-bullhead.img
• Nexus 6: fastboot flash recovery openrecovery-twrp-2.8.5.0-shamu.img
• Nexus 5: fastboot flash recovery recovery-clockwork-touch-6.0.1.4.5-hammerhead.img
• Nexus 7 (2013): fastboot flash recovery recovery-clockwork-touch-6.0.4.7-flo.img
• Nexus 9: fastboot flash recovery twrp-2.8.7.0-flounder.img

Step 7: Once done, enter recovery mode by choosing Recovery from the Fastboot menu.
Step 8: In the recovery mode (CWM or TWRP), scroll to flash zip from SD card > choose zip from sdcard.
Step 9: Using the volume keys, locate SuperSU zip file and select it. Confirm the installation process.
Step 10: After installation is completed, go to +++++Go Back and reboot your Nexus device. First boot may take a few minutes.
Ta da! Your Nexus devices are now rooted on MMB29V Android 6.0.1 Marshmallow. You can also use the Nexus Root Toolkit to root and update your Nexus device on the latest firmware. To verify the root, use any Root Checker app.

Noticia:
http://wccftech.com/flash-and-root-m...#ixzz42FrrsFMj

[Jorge-Vieira]

Flash OctOS Android 6.0.1 Custom ROM for Sprint Galaxy S3

Looking for an Android 6.0.1 Marshmallow based custom firmware for your Sprint Samsung Galaxy S3? Team OctOS has released a stable custom ROM for the handset. Based on 6.0.1, the ROM brings the best features from CM13, LiquidSmooth and other popular Marshmallow based ROMs. Follow this guide for steps to flash OctOS on Sprint Galaxy S3. For features and updates, please visit the official website.
– Best Marshmallow Custom ROMs for Android Devices


Prerequisites to update Sprint Galaxy S3 to OctOS Android 6.0.1:

• Backup any important data from your Samsung Galaxy S3 as a complete wipe will be required during the flashing process.
• Enable USB debugging option on your device: Settings > Development Options > USB debugging.
• Samsung Galaxy S3 must be rooted, unlocked and installed with a recovery tool like TWRP or CWM.
• Your device must be charged to at least 60% of power.

Note: this tutorial is focused on Sprint Galaxy S3; please do not try this guide on other Android & Samsung devices. The unofficial ROM is still in development phase, so please beware that some features might not function at their best.
Advertisements

How to update Sprint Galaxy S3 to OctOS Android 6.0.1:

Required files: download OctOS Android 6.0.1 custom firmware for Galaxy S3 and save it on your computer. Also, download GApps from here. Do not extract the contents.

• Connect Galaxy S3 to your computer using a USB cable and copy the zip file to your phone’s SD card.
• Disconnect the USB cord and power off your Galaxy S3.
• Boot it into recovery mode by pressing and holding Volume Up + Home + Power buttons together.
• Perform a Nandroid backup of your current OS: Backup > backup and restore on ClockworkMod recovery.
• Wipe data task: from the CWM recovery menu, select wipe data / factory reset and confirm the process. Then go on to wipe cache partition and wipe dalvik cache.
• From recovery menu, select install zip from sdcard, followed by choose zip from sdcard. Locate the OctOS Android 6.0.1 custom firmware and confirm the flashing process.
• Return back to main recovery menu and reboot your Sprint Samsung Galaxy S3 into the new custom ROM. First boot may take a few long minutes.

How to restore: If you want to return to previous OS on your SGS3, boot into recovery, select backup and restore then restore your previous ROM by selecting it from the list.

Noticia:
http://wccftech.com/flash-octos-andr...#ixzz42IiH7Yfk

[Jorge-Vieira]

Android’s Stagefright bug returns with new exploit

Google has been battling the Stagefright bug for a while now on Android and while it seemed to dip back into the shadows for a while, it seems to have jumped back into the spotlight this week thanks to a new exploit. According to security firm, Northbit, a new attack known as ‘Metaphor’ can allow a hacker to remotely access a few devices including the LG G3, HTC One, Samsung Galaxy S5 and the Nexus 5.
The research group tested the exploit on those devices and went on to note that it can be used on Android 2.2, 4.0, 5.0 and 5.1 so quite a few devices could potentially be at risk without a security patch.

Speaking with Wired, the researchers said: “Our research managed to get it the attack to the level of production grade, meaning that everyone – both the bad guys and good guys, or governments – could use our research in order to facilitate it in the wild. We managed to exploit it to make it work in the wild. Using the same vulnerability, it is possible to gain arbitrary pointer read to leak back to the web browser and gather information in order to break the ASLR (address space layout randomisation).”

Noticia:
http://www.kitguru.net/laptops/mobil...h-new-exploit/

[Jorge-Vieira]

FTC Flags Android Developers For Apps That Spy On User Television Habits With Audio Beacons

Could your smartphone be listening in on your life? If you download mobile apps without much care for their permissions requests, you might not ever know. The privacy threat is so significant though, that the Federal Trade Commission has stepped in and warned us to be aware of it.
On Thursday, the FTC sent a letter to a dozen app developers warning them against their use of "audio beacons", which listen in on the environment and pick up hidden noise signals from TV shows. This is made possible with technology from an Indian company named Silverpush, and in effect it lets the app figure out what you're watching, because it has the ability to listen in at will. The app would also be able to tell if you completed a show or stopped it half-way through - this type of information is gold for marketers.
image: http://hothardware.com/ContentImages...-Play-Apps.jpg

It's important that the FTC issued this warning before audio beacons become an even bigger problem, but it's unfortunately keeping quiet on which are the guilty, offending apps. However, we can be assured that they are fairly mainstream, as the FTC was able to source them easily enough. If you are concerned about this kind of app behavior, you could review the permissions each app on your phone has access to, and if any app that doesn't require microphone access has it, you could very well be looking at one of these guilty apps.
If you pay for an app, it's unlikely that there will be hidden features like this, but when an app is cost-free, there are immediate reasons to be skeptical. A couple of years ago, we reported on a spying issue that was discovered with a very popular free flashlight app on Google's Play Store (what is it with flashlight apps?). A great rule of thumb to abide by is that if an app is free, and isn't developed by some recognizable, trusted company you should tread lightly, and watch the permissions carefully.
The FTC's letter explicitly states that the developers in question published their apps on Google Play, so this seems to affect only Android at the current time. If the issue becomes big enough, Google could perhaps implement an extra layer of protection by warning people the first time a newly-installed app is opened if it has access to either the camera or the microphone. If you downloaded a flashlight app and received that kind of warning, it should obviously be a red flag, and a great reason to make a b-line to the uninstall button.

Noticia:
http://hothardware.com/news/ftc-flag...6BFwC1WfLXI.99











Stagefright Vulnerability Can Compromise Android Devices In 20 Seconds Or Less

Thought the Stagefright saga was all behind us? Think again. In a new paper published by Israel's NorthBit, we're shown that Stagefright can still prove to be a serious threat to older devices, with some able to be cracked in as little as 20 seconds. If you're still toting around a Nexus 5, LG G3, HTC One, or Samsung Galaxy S5, you should take note.
image: http://hothardware.com/ContentImages..._Galaxy_S5.jpg

Samsung's Galaxy S5, released in 2014, is affected by Metaphor As a bit of a recap, Stagefright isn't just one bug; rather, it's an overarching vulnerability that includes a number of different bugs that affects Android devices versioned 2.2 and newer. While modern phones that still receive updates would have likely received a patch for Stagefright long ago, it doesn't take long in the mobile world for a phone to hit end-of-life status, so there remain a countless number of affected devices out there. If someone breaks through to your device via Stagefright, they could execute code remotely. What makes it truly dangerous, however, is that they could do so with escalated privileges.
This new Stagefright-derived bug has been dubbed "Metaphor", and can bypass the ASLR (address space layout randomization) protections in memory in Android 2.2 and 4.0, on the devices mentioned above. People can fall victim to the bug by visiting a webpage that has a malicious .MP4 video file on it. Loading that file will cause Android to crash and restart, which will then allow JavaScript hosted on the attacker's server of choice to run. This leads to information being gathered and another malicious video being brought in, which then accomplishes the ultimate goal of granting access to the device.





The folks at NorthBit were kind enough to produce a video showing off the attack, and you might just be surprised by how simple it is. As soon as someone visits a webpage that has an infected .MP4 file, you'll be able to see the phone begin handshaking with what NorthBit calls the "control center". To see the attack carried out so easily is a rather alarming.
An obvious question is raised from all of this: "What can you do to protect myself?" That's a tough one to answer, because it would assume that your device is still supported and able to receive updates (at which point it should have received the update already). It's ultimately up to carriers to push through these security updates, so you'd do well to give your carrier a call or shoot them an email and request information about receiving patches. If you're fine with getting your hands dirty, you could also replace the entire ROM on your device with a custom one that's patched, though that's obviously more than a reach for may mainstream users. Otherwise, if you're using one of the affected devices, we'd encourage you to exercise great caution when clicking on a link you are given, or happen to stumble on.

Read more at http://hothardware.com/news/stagefri...klLgIg3ybOw.99

Read more at http://hothardware.com/news/stagefri...klLgIg3ybOw.99

[Jorge-Vieira]

Google warns of Android root access security flaw

Google has issued a warning to Android users this week after it discovered a bug present in the software that could allow hackers to gain root access to your smartphone through a certain application. The flaw itself isn’t particularly new and was originally discovered two years ago in the Linux Kernal but it wasn’t flagged up as an issue at the time.
This hasn’t been an issue for Android users in the past as it wasn’t part of the software but it now is. The vulnerability comes with the identifier CVE-2015-1805 and Google is already working on a security patch but a couple of security research teams beat Google to discovering the issue and figuring out how it all works.

We don’t know the name of the app that this exploit is achieved through but it is no longer on the Play Store. However, Google is classifying this issue with a critical severity rating for now. While Google is currently working on patches for its Nexus smartphones, these only represent a fraction of the Android smartphone market so it will be up to other manufacturers to push out a patch to their own handsets.
You can read Google’s security notice, HERE.

Noticia:
http://www.kitguru.net/gaming/security-software/matthew-wilson/google-warns-of-android-root-access-security-flaw/









Millions of Android Devices at Risk of “Permanent Device Compromise” – Hit By Linux Kernel Bug

Due to elevation of privilege vulnerability in the Linux kernel, millions of Android phones are at risk of security attacks. The entire lineup of Nexus and other Android devices are vulnerable to attacks that can take control of core functions almost permanently. Google has now acknowledged the issue and is sending a fix to Nexus devices, and its partners.

Millions of Android users hit by a Linux kernel bug

Google has shipped an out-of-band emergency patch for Android, trying to fix a bug that is under active exploitation to root devices. Rated critical in severity, the vulnerability CVE-2015-1805 affects all Android devices, including Nexus phones, running Linux kernel versions below 3.18. The privilege escalation vulnerability allows apps to execute arbitrary code in the kernel, getting control over hardware and install spyware and malware, among other legit software.

The flaw, which allows apps to gain nearly unfettered “root” access that bypasses the entire Android security model, has its origins in an elevation of privileges vulnerability in the Linux kernel. Linux developers fixed it in April 2014 but never identified it as a security threat,” Goodin reports. “For reasons that aren’t clear, Android developers failed to patch it even after the flaw received the vulnerability identifier CVE-2015-1805 in February 2015. Arstechnica

The only way to fix this serious Android vulnerability that leads to “local permanent device compromise” is to re-flash Android operating system to apply the fix. As we all know how speedy OEMs and carriers are at distributing security patches, there doesn’t seem to be a fix coming to millions of users. The only lucky group of people is the Nexus users who receive the OTA updates directly from Google.
Advertisements

READ Lightroom For Android Updated To Shoot RAW Photos And More

Google has already uncovered at least one app that attempted to exploit the vulnerability. However, the officials did not say if the application was malicious or an app helping users root their devices.

Friday’s advisory didn’t identify the app that was exploiting the vulnerability except to say it was publicly available, both within and outside of Play, and worked on Nexus 5 and Nexus 6 phones.

Users should consider the risks before installing a rooting app that exploits the vulnerability. As always, stay away from unknown sources when you have to download any apps. “Google Play does not allow rooting applications, like the one seeking to exploit this issue,” security advisory said.
Android devices with a security patch level of March 18 and April 2 are protected against this vulnerability.

Noticia:
http://wccftech.com/millions-of-andr...#ixzz43l3sMVCj

[Jorge-Vieira]

Download MMB29X, MHC19Q Android 6.0.1 April Security Patch – Factory Images

Based on Android 6.0.1 Marshmallow, Google has released April security patch for all the compatible Nexus devices. Bringing no major features, the update is a regular monthly security patch, recommended for your Nexus devices. If you still haven’t received over the air notifications, here is how you can manually update MMB29X, MHC19Q Android 6.0.1 Marshmallow on Nexus 6P, Nexus 5X, Nexus 6, and Nexus 5.

Prerequisites to update Nexus 6P, 5X, 6, 5 on MMB29X, MHC19Q Android 6.0.1:

• Create a backup of all important data on your Nexus device.
• Download and install USB drivers for Nexus in your computer.
• The Nexus bootloader should be unlocked.
• Enable USB debugging option by pressing Menu > Settings > Applications. Navigate and tap on Developer Options to ensure that USB Debugging is enabled.
• Ensure that your Nexus device carries more than 70% of charge.

Steps to update your Nexus device to MMB29X / MHC19Q Android 6.0.1:

Required files: Download the required file for your specific Nexus device from the following links.

• Download Android 6.0.1 Marshmallow MHC19Q for Nexus 6P: angler-mhc19q-factory-f5a4e7a1.tgz
• Download Android 6.0.1 Marshmallow MHC19Q for Nexus 5X: bullhead-mhc19q-factory-22ba5e5a.tgz
• Download Android 6.0.1 Marshmallow MMB29X for Nexus 5: hammerhead-mmb29x-factory-c6109f15.tgz
• Download Android 6.0.1 Marshmallow MMB29X for Nexus 6: shamu-mmb29x-factory-ef4cbb75.tgz

Step 1: Connect your Nexus device using a USB cable and turn it off.
Step 2: Now, start the device in Fastboot mode: Turn on the phone while pressing and holding the Volume Up + Volume Down + Power keys until you see the Fastboot menu and the START text on top.
Advertisements

Step 3: Extract the downloaded Android 6.0.1 file anywhere in your PC. Go to _MM_ _ folder (the build number for your device) and copy/paste all the files to your Fastboot directory (which often is the platform-tools folder inside the Android SDK directory).
Step 4: This step involves flashing the desired factory image to your Nexus device: open the folder containing the Android Marshmallow factory image downloaded and extracted. In the address bar, type cmd and the following command.

• On Windows: Run flash-all.bat
• On Mac: Run flash-all.sh using Terminal
• On Linux: Run flash-all.sh

Once the script finishes running, your Nexus smartphone will reboot. First boot may take up to 5 minutes, so don’t be worried if it takes your device longer than usual to boot up.
Your device is now updated to the very latest MMB29X / MHC19Q Android 6.0.1 Marshmallow. Once you are done, you can follow this guide to root your Nexus device on Android 6.0.1 Marshmallow: How to Root Nexus 6P, 5X, 6, 5 on MHC19Q, MMB29X

Noticia:
http://wccftech.com/update-nexus-6p-5x-6-and-5-on-mmb29x-mhc19q-android-6-0-1/#ixzz44vzSFzjD










How to Root Nexus 6P, 5X, 6, 5 on MHC19Q, MMB29X Android 6.0.1 Marshmallow

Have you installed the April security patch on your Nexus devices? Follow this guide to root MHC19Q and MMB29X Android 6.0.1 Marshmallow on your Nexus 6P, Nexus 5X, Nexus 6, and Nexus 5. Before proceeding, check this guide to flash MMB29X, MHC19Q Android 6.0.1 on your Nexus devices.

Prerequisites to root MHC19Q, MMB29X Android 6.0.1:

• Create a backup of all important data on your Nexus device.
• Download and install USB drivers for Nexus in your computer.
• The Nexus bootloader should be unlocked.
• Enable USB debugging option by pressing Menu > Settings > Applications. Navigate and tap on Developer Options to ensure that USB Debugging is enabled.
• Ensure that your Nexus device carries more than 70% of charge.

How to root MHC19Q / MMB29X Android 6.0.1:

Required files: download Android SDK and install it. Set it up with platform-tools and USB drivers package in SDK. Download SuperSU v2.66 for Nexus on your PC. Also, download Fastboot from the following links, depending on your OS:

• Windows: Download
• Mac: Download
• Linux: Download

While the above links work for all the Nexus devices, following links are specific to the devices:

• Nexus 6P: TWRP 2.8.7.0. Save it to the android-sdk-windows\platform-tools directory on your computer.
• Nexus 5X: TWRP
• Nexus 6: Download TWRP 2.8.5.0
• Nexus 5: Download CWM 6.0.1.4.5

Step 1: Extract the downloaded Fastboot file in android-sdk-windows\platform-tools directory on your PC. Create directory if not already there.
Step 2: Connect your Nexus device to your computer via USB.
Step 3: Copy and paste SuperSu file to your device’s SD card root folder.
Step 4: Turn your Nexus off.
Advertisements

Step 5: Enter the Bootloader mode: power your Nexus on while pressing and holding Volume Down + Power keys.
Step 6: Go to android-sdk-windows\platform-tools directory and open Command Prompt (Shift + Right-click > Open Command Prompt) and type the following command depending on your device:

• Nexus 6P: fastboot flash recovery twrp-2.8.7.0-angler.img
• Nexus 5X: fastboot flash recovery twrp-2.8.7.0-bullhead.img
• Nexus 6: fastboot flash recovery openrecovery-twrp-2.8.5.0-shamu.img
• Nexus 5: fastboot flash recovery recovery-clockwork-touch-6.0.1.4.5-hammerhead.img

Step 7: Once done, enter recovery mode by choosing Recovery from the Fastboot menu.
Step 8: In the recovery mode (CWM or TWRP), scroll to flash zip from SD card > choose zip from sdcard.
Step 9: Using the volume keys, locate SuperSU zip file and select it. Confirm the installation process.
Step 10: After installation is completed, go to +++++Go Back and reboot your Nexus device. First boot may take a few minutes.
Ta da! Your Nexus devices are now rooted on MHC19Q, MMB29X Android 6.0.1 Marshmallow. You can verify the root with any Root Checker app.

Noticia:
http://wccftech.com/root-mhc19q-andr...#ixzz44vzlXL00

[Jorge-Vieira]

39 Android Flaws Fixed in Major Security Patch

Google’s latest patch for their Android operating system is one of the biggest security patches ever released for the OS. This monthly security update covers 39 vulnerabilities that had been found, of which 15 were of the highest rating, critical, which mean they could be used to lead to total compromisation of a device. This patch, which is part of the latest firmware image for Android devices rolled out to Nexus devices starting on Monday, with the update to be added to the Android Open Source Project during the next 24 hours.
One of the vulnerabilities that were included in this patch is one that Google was alerted to just two weeks ago, which has already been employed by a publicly available rooting application. With the tracking tag of CVE-2015-1805, this flaw was originally in the Linux kernel until April 2014, but until recently it wasn’t known that Android was also affected.
As many as nine critical remote code execution flaws were patched in Android’s media codec, media server, and Stagefright library. Of these, five were rated as high impact, including one privilege escalation vulnerability and four information disclosure issues. Critical flaws were also patched in the Android kernel, the Dynamic Host Configuration Protocol client, Qualcomm Performance module and the Qualcomm RF modules.
Aside from CVE-2015-1805’s use in a rooting application, there is no known exploitation of the other vulnerabilities fixed in this patch according to a security advisory from Google. As a result of the large number of high-impact and critical flaws fixed in this patch, it is highly recommended that any updates to Android 6 offered by manufacturers are installed before attacks that make use of them are released into the wild.

Noticia:
http://www.eteknix.com/39-android-fl...ecurity-patch/

[Jorge-Vieira]

Academics Claim Google Android Two-Factor Authentication Is Breakable

Researchers allege that 2FA on Android is not foolproof and accuse Google of not patching the vulnerability even though they were made aware of it a year ago.

If attackers have control over the browser on the PC of a user using Google services (like Gmail, Google+, etc.), they can push any app with any permission on any of the user's Android devices, and activate it - allowing one to bypass 2-factor authentication via the phone. Moreover, the installation can be stealthy (without any icon appearing on the screen). For short, we refer to the vulnerability as the BAndroid (Browser-to-Android) vulnerability and to attacks that abuse it as BAndroid attacks.

Noticia:
http://www.hardocp.com/news/2016/04/...e#.VwqBZnr0Pug