[pxmpxm]

> always update

There's seems to be an army of aspiring CVE bros cargo-culting this idiocy; they pretend to live in a parallel universe where state-sponsored intelligence groups are spending millions to get at the cat photos on their phones.

Obviously the premise that you should just blindly update a device where you have no recourse if the update breaks workflow/functionality/user experience (android, ios) or tries to monetize the hardware you actually own (msft) is prima facie stupid.

[Gigachad]

There have been quite a few real world examples of malware scanning the internet and just infecting every vulnerable device it can find. Though this mostly only affects things directly exposed like routers or servers.