How to mitigate CVE-2015-1130 (Hidden Backdoor with Root) due to lack of Apple support?
I would say it's simply not possible.
It apparently took Apple months of effort to close this door. They specifically asked the reporter to hold long past the accepted announcement embargo period, in order to give them sufficient time to fix it before it went public. They say the reason for not back-porting it to earlier OSes is the sheer amount of effort involved.
If they can't do it, I doubt anyone else could.
If it could be even slightly mitigated by any action on your part, I'm fairly sure there would have been advice from them to that effect.