A general problem
Vendors of devices containing software are allowed far too much latitude to escape any product liability with respect to latent bugs. Contrast the auto industry, where if a serious latent problem is discovered with a car, they have to recall and fix all the cars (or face paying out billion-dollar damages, witness the Ford Pinto). They can't get away with just saying "it's out of warranty" or "it's an old model" or "read the license disclaimers". Similarly, phone manufacturers should be obliged to fix bugs that were present in the device at the time it was sold, or in subsequent versions of its software, use of which is required to provide a fix for day-zero bugs. This for at least five years after sale, preferably ten.
Of course, the result of stricter product liability would either be more expensive phones, or fly-by-night manufacturers of cheap phones whose business plan includes going into liquidation within a year.
If Samsung don't patch my S4, the next phone I buy will be a Google one (the only company that pretty much can't evade its moral responsibilities). That, or there will be a breakthrough for a properly open source phone with Linux-style community support.