jLuger.de - Android security meltdowns

This page is dedicated to android security meltdowns. A security meltdown in this context is a security threat that would almost force a large part of the android phones in use to be abandoned due to security reasons.
I hope that this page will show people why we need regular updates even for the core system of android.

Threat: Android Browser Same Origin Policy Bypass < 4.4 - CVE-2014-6041
Consequences: Malicious sites can steal sensitive data from other pages like e.g. the session data of your online banking.
Workaround: Since Android 4.4 there is no built in browser. So on new devices you can get update via PlayStore and don't have to wait for the phone manufacture. This won't also affect any data in other apps. It may be that there aren't much data to be stolen.

Threat: Android Fake ID Vulnerability
Consequences: Malicious apps can impersonate as trusted apps and thus escape the android sandbox without user recognition to e.g. install a trojan.
Workaround: Google fixed their play store to stop such apps. Users of alternative stores are on their own. Like e.g. Amazon App-Shop or F-Droid (the place for open source apps)

Threat: Heartbleed Bug
Consequences: This bug allows an attacker to get information that help him to break encrypted connections and read the contents.
Workaround: None, but according to Google only Android 4.1.1 was affected making it a small group of affected people.

Threat: USSD security flaw
Consequences: Any website could trigger USSD codes and e.g. enter so many wrong pin/puk that the sim card would be broken.
Workaround: Install an app that also reacts on the USSD intent and so bring up an app selector to the user instead of executing the USSD code. As of Android 4.0 this is fixed.

Threat: Stagefright
Consequences: An error in androids media playback engine (named Stagefright) allows malicious medias to execute code. Thus media files can be send via MMS and are processed sometimes before the users see them.
Workaround: None. As of 27.07.2015 the hardware manufacturers are preparing patches. Nexus 6 and Blackphone are the only confirmed devices that are not vulnerable to this threat.

Threat: One Class to Rule Them All (CVE-2015-3825)
Consequences: This error allows apps without any privileges to get access to memory of higher privileged apps and then execute code in their context. This includes apps that run in the highest security context and allows to take over the whole phone. Affected android versions are 4.3 to 5.1
Workaround: None. As of 12.08.2015 Google has created a patch but not distributed.

Threat: Drammer (Extended Rowhammer)
Consequences: Reading bits a lot of time will flip bits in neighor reagions.
Workaround: None. This is a hardware problem. As of 25.10.2016 Google has planed a patch to make usage of the bug more difficult.