Android

How to deal with vulnerabilities on an Android smartphone if neither the manufacturer nor the community release updates for it?

Here I am reading, so here

The Shellshock vulnerability (CVE-2014-6271) in terms of scale and consequences for the worldwide network and devices connected to it can only be compared with the infamous Heartbleed, which was discovered this spring. This name was given to a vulnerability in the Bash shell, which is used in all sorts of modifications and distributions of Linux, Unix, Apple OS X (including the latest version of OS X Mavericks), and Android .

Of course, I always knew that Bash and other things were there, roughly speaking, the same as in regular Linux, but somehow I never thought about it in this way, and then it dawned on me: it turns out my phone can now be hacked /infect anyone who wants scriptkiddy! And through Bash, and through heartbleed (the SSL libraries installed on the phone, too, no one changed in theory) ...
If on the desktop and even on the server the chances are high that a regular update with the elimination of a vulnerability will reach you earlier than a virus or an attacker, then smartphones (namely the OS and system libraries, user applications are another matter) are updated much less frequently, and many do not too popular and not too new models and are never updated at all (in the sense that the manufacturer does not release updates for them (that's how I had Android 4.1 when I bought it, it still is, at least I managed to rut recently), and from the side of alternative firmware there is no support for Cyanogen Mod type).
And how to be?