This is software (microcode) vulnerabilities, not hardware. I don't know why this attack would matter, it needs a malicious hypervisor. I only read the summary, because it really doesn't matter. The cloud isn't secure anyway.
Not sure what this has to do with carrier locking. Carrier unlocked phones don't get updated either necessarily even if Google updates the OS. The problem is there is no "Android OS". It is simply a modular set of software that gets put together. It is up to the company that put it together to decide to update it or not. Most won't bother as there is no profit in it, just expense.
This is common in tech. It creates an illusion of leaps of progress in tech. The reality is that the tech industry has reached a dead end with the death of Moore's Law. You will see incremental progress from here on out, but no more large leaps like we have had for the previous 40 years.
You don't really need to develop anything. The actual engineering is trivial. The hard part is figuring out that you need to "add asteroid dust to the hull to block radiation". And we had worked that out years ago. Some of that was worked out here on Slashdot!!!