Interesting concept! One reason manufacturers tout they stay away from updating every time a new version of Android is released is because many of those changes that improve performance of things like the display and the radio require additional hardware testing and integration to work with vendor specific chip sets. But if the Android open source project managed to separate security from other types of updates manufacturers might be able to quickly pass along security patches without incurring the the expense and risk of updating firmware more closely tied to the physical hardware. Though in the particular case this post discusses the exploit and fix for that exploit all stem from software Samsung created and added on top of the default OS distribution so it wasn't really necessary to update Android itself to patch the hole.