@pinkbunny
Are you talking about a system update on the phone? Mine was last updated a little over two years ago but also says no new updates available.
I have a S6 because of the poors.
https://www.digitaltrends.com/mobile/galaxy-s6-and-s6-edge-reach-end-of-life/
Operating System updates are nice and all, but it's Security updates that I specifically mean. I think I read that the last one the S6 got was January 2019.
Think of it like this. Let's say there is a evil vulnerability found in 2018. Here's an example of one:
https://nvd.nist.gov/vuln/detail/CVE-2018-9465
That one has the potential to allow a bad guy to escalate privileges, in other words, give the malicious user root access to run code without your permission, and Android version 7-9 are vulnerable. Did anyone turn that vulnerability into something usable, an exploit with a payload? No idea, the potential of a danger doesn't actually mean someone has acted on it.
So, you got security fixes through January 2019, and will be protected against it. What that means, is what if an exploit is found February 2019 or later? You wouldn't have any patches to protect you against it. That's why regular security updates are important. That's why, even though people don't like that Windows 10 forces updates, it's an important, good step in the right direction.
For example, this vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2019-2176#vulnCurrentDescriptionTitle
Was discovered after you got your last security patch, meaning, if someone was to turn this vulnerability into an exploit and make a payload for it, you'd be vulnerable. Mitre is always difficult to read, I know some of those guys, real nerds, but it sounds like a buffer overflow attack allowing remote code execution. Again, just because a vulnerability exists, does not mean it's been weaponized, just that the potential exists.
That's why it's important to stay up to date with newer phones. Not for the bells and whistles, but for security and patching.
Believe me, I know, I'm a poor too. Just graduated, waiting to see if job offers go through. I buy used phones off Swappa.
https://swappa.com/listing/view/LUGM79959 <-relatively cheap at $125, and will get security updates for years to come.
-------
Here's a famous example:
https://en.wikipedia.org/wiki/Shellshock_(software_bug)
This was discovered in 2014, and meant that basically any linux system was vulnerable to having code run on it. I could be on your system, write some malicious code, but I can't run it, because I'm not root. But, if I typed a few keystrokes in, it would trick the system into letting it run. Just hours after this was released, people were pwning boxes with it. But it was quickly patched, because of just how dangerous it is.
But lots of companies never patched it, because, well, patching is not on their list of priorities, and are still vulnerable to this day. And think of those small devices in your home, like smart thermometers and refrigerators, digital picture frames, printers, etc. A lot of those run linux, because it's free. And, because older versions of linux require less computing power, a lot of them have the old, unpatched versions of linux running.
That's why patching is important. Your patch is only as good as the next vulnerability found, which is why continuous patching is important.