Updates are fairly routine for all software; most companies release monthly patches. However, some users let their software fall behind on patches, which leaves holes in security.
Updating is important because updates range from fixes for known bugs to patches for flaws in the software's security. The issue arises when a user falls behind, and it is amplified because details of the patched bugs and flaws are often available to the public.
Open Source Updates
Open source software is very common; some examples are Firefox, GIMP and Blender. These pose a unique style of flaw. Publicly known bug fixes and solutions are released as they are patched and, because the software is open source, anyone can view what has been fixed. This leaves a very easy opening for attackers, as all they have to do is find out what software and patch number you are running and check it against the published fixes.
In February 2022, Google found a flaw in its Chrome client and released a patch for the high-severity flaw shortly after it was detected. This flaw was assumed to steal memory space in the browser, allowing attackers or malware to watch and run things in a user's browser. Amplifying this issue, users who rarely or never update their software leave themselves open to a commonly known attack such as this.
Solving The Issue
Fixing an issue like this is often complex. Some questions have to be asked about why people avoid updates and who is responsible. One solution would be scheduling updates at a set time each month across machines so they are all patched at the same time. Another to consider is having software handle all updates and force them onto users. Having users be responsible for keeping up with updates is another option but, as stated in a previous article, Zero Trust is an excellent ethic and methodology to put in place.
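
One way to see which machines have fallen behind, as an added example that is not part of the original article: a small Python audit that compares each machine's installed versions with the first patched release and reports how long the fix has been public. The host names, package names, version numbers and dates are all constructed for illustration.

```python
from datetime import date

# Constructed sample data: first release containing the security fix, and its release date.
PATCHED = {
    "example-browser": ("4.2.1", date(2022, 2, 14)),
    "example-editor": ("2.10.0", date(2022, 1, 10)),
}

# Constructed inventory: host -> {package: installed version}.
INVENTORY = {
    "ws-01": {"example-browser": "4.2.1", "example-editor": "2.10.0"},
    "ws-02": {"example-browser": "4.1.9", "example-editor": "2.10.0"},
    "ws-03": {"example-browser": "4.2.1", "example-editor": "2.9.4"},
}


def parse_version(text):
    """Turn '2.9.4' into (2, 9, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def audit(inventory, patched, today):
    """Return (host, package, installed, required, days_public) for each out-of-date install."""
    findings = []
    for host, packages in sorted(inventory.items()):
        for name, installed in sorted(packages.items()):
            if name not in patched:
                continue  # no fix is tracked for this package
            required, released = patched[name]
            if parse_version(installed) < parse_version(required):
                # Number of days the fix, and its public description, has been available.
                days_public = (today - released).days
                findings.append((host, name, installed, required, days_public))
    return findings


if __name__ == "__main__":
    for host, name, installed, required, days in audit(INVENTORY, PATCHED, date(2022, 3, 1)):
        print(f"{host}: {name} {installed} is behind {required}; fix public for {days} days")
```

Comparing versions as tuples of integers matters here: as plain strings, "2.9.4" would sort after "2.10.0" and the out-of-date editor on ws-03 would be missed.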