---
title: "Update — AP Cybersecurity Definition & Exam Guide"
description: "An update is new code a vendor ships to fix vulnerabilities and bugs. In AP Cybersecurity it's a core device-security control under EK 4.3.C, and it's how you close known holes before attackers use them."
canonical: "https://fiveable.me/ap-cybersecurity/key-terms/update"
type: "key-term"
subject: "AP Cybersecurity"
unit: "Unit 4"
---

# Update — AP Cybersecurity Definition & Exam Guide

## Definition

In AP Cybersecurity, an update is software that a vendor releases to fix vulnerabilities or improve an operating system or application; keeping software updated removes known weaknesses so adversaries can't exploit them (EK 4.3.C.2).

## What It Is

An **update** is new code a vendor or maintainer pushes out to fix problems in an [operating system](/ap-cybersecurity/unit-4/protecting-devices/study-guide/n86HF5aR65a2DLQwNHDn "fv-autolink") or application. When someone discovers a [vulnerability](/ap-cybersecurity/key-terms/vulnerability "fv-autolink") (a weakness an attacker could abuse), the company that maintains the software writes a fix and sends it to users as an update. A small, targeted update that fixes one specific issue is called a **patch** (EK 4.3.C.1).

The whole point is closing **known** holes. Once a vulnerability is public, attackers know exactly where to look. Running the most recent version of your software means that door is already shut (EK 4.3.C.2). Updating isn't a one-time thing either. New vulnerabilities get found constantly, so updating is an ongoing habit, not a checkbox.

## Why It Matters

Updates live in **[Unit 4](/ap-cybersecurity/unit-4 "fv-autolink"): Securing Devices**, specifically topic 4.3 Protecting Devices. The term directly backs learning objective **[AP Cybersecurity](/ap-cybersecurity "fv-autolink") 4.3.C**, which asks you to explain *why* keeping an OS and software updated makes a device more secure. The answer the CED wants is simple and you should be able to say it cold: updates remove known vulnerabilities so adversaries can't exploit them.

Updates also show up as a [managerial control](/ap-cybersecurity/key-terms/managerial-control "fv-autolink"). An **acceptable use policy** can *require* users to keep software updated (EK 4.3.A.1), which connects the technical fix to organizational rules. So this one term ties the human-policy side of security to the technical side.

## Connections

### [Patch (Unit 4)](/ap-cybersecurity/key-terms/patch)

A [patch](/ap-cybersecurity/key-terms/patch "fv-autolink") is just a small update aimed at one specific fix. Think of an update as the whole category and a patch as the quick, targeted version of it (EK 4.3.C.1).

### [Acceptable Use Policy (Unit 4)](/ap-cybersecurity/key-terms/acceptable-use-policy)

An AUP can require users to keep software updated, so updating isn't only a technical action, it can be a rule the organization enforces (EK 4.3.A.1). This links the policy side of Unit 4 to the technical side.

### Anti-Malware Signatures (Unit 4)

Anti-malware software relies on a database of [malware](/ap-cybersecurity/key-terms/malware "fv-autolink") signatures that has to be kept current (EK 4.3.B.2). Updating signature databases is the same idea as updating an OS: stay current so you can recognize the newest threats.

### [EDR (Unit 4)](/ap-cybersecurity/key-terms/edr)

[Endpoint Detection and Response](/ap-cybersecurity/key-terms/endpoint-detection-and-response "fv-autolink") also depends on staying current to spot new attack behaviors. Updates and EDR are both about not letting a device fall behind what attackers already know.

## On the AP Exam

Expect updating to appear in multiple-choice questions about device-security controls. A common stem asks for an example of something that would appear in an acceptable use policy, and "requiring users to keep software updated" is a textbook correct answer. Other stems test whether you understand *why* updating helps, so be ready to connect it to closing known vulnerabilities, not just "it's good practice." No released FRQ has used the word verbatim, but the reasoning behind it (vendors fix vulnerabilities, you apply the fix before attackers exploit it) is exactly the kind of cause-and-effect explanation the exam rewards.

## update vs patch

An update is the broad category of new code a vendor releases. A patch is a small update that targets one specific fix, usually a security or bug fix. Every patch is an update, but not every update is just a small patch (a major version upgrade is also an update). On the exam, treat "patch" as the precise word for a small, targeted fix.

## Key Takeaways

- An update is new code from a vendor that fixes vulnerabilities or bugs in an operating system or application.
- Keeping software updated removes known vulnerabilities so attackers can't exploit weaknesses that are already public (EK 4.3.C.2).
- A patch is a small, targeted update; the two terms overlap but a patch is the precise word for a single fix (EK 4.3.C.1).
- An acceptable use policy can require users to keep software updated, which makes updating both a technical and a managerial control (EK 4.3.A.1).
- Updating ties to objective AP Cybersecurity 4.3.C, where you explain why current software is more secure than outdated software.

## FAQs

### What is an update in AP Cybersecurity?

It's new code a vendor releases to fix vulnerabilities or bugs in an OS or application. Applying it closes known security holes so adversaries can't exploit them (EK 4.3.C).

### Is updating software actually a security measure or just maintenance?

Yes, it's a real security measure. When a vulnerability is discovered, attackers know where to strike, and the update removes that weakness, so staying updated is one of the most direct ways to protect a device (EK 4.3.C.2).

### What's the difference between an update and a patch?

A patch is a small update that fixes one specific issue, while "update" is the broader term covering everything from a tiny patch to a major version upgrade (EK 4.3.C.1). On the exam, use "patch" when the question describes a small, targeted fix.

### Why does keeping software updated make a device more secure?

Because updates fix known vulnerabilities. An updated device doesn't have the weaknesses attackers already know how to exploit, so the door they'd use is already closed (EK 4.3.C.2).

### Can an acceptable use policy require updates?

Yes. An AUP can require users to keep software updated, which turns updating into an enforceable organizational rule rather than just a personal choice (EK 4.3.A.1).

## Related Study Guides

- [4.3 Protecting Devices](/ap-cybersecurity/unit-4/protecting-devices/study-guide/n86HF5aR65a2DLQwNHDn)

## Structured Data

```json
{"@context":"https://schema.org","@graph":[{"@type":"LearningResource","@id":"https://fiveable.me/ap-cybersecurity/key-terms/update#resource","name":"Update — AP Cybersecurity Definition & Exam Guide","url":"https://fiveable.me/ap-cybersecurity/key-terms/update","learningResourceType":"Concept explainer","educationalLevel":"AP® / High School","about":{"@id":"https://fiveable.me/ap-cybersecurity/key-terms/update#term"},"audience":{"@type":"EducationalAudience","educationalRole":"student"},"dateModified":"2026-06-15T18:59:29.415Z","isPartOf":{"@type":"Collection","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"publisher":{"@type":"Organization","name":"Fiveable","url":"https://fiveable.me"}},{"@type":"DefinedTerm","@id":"https://fiveable.me/ap-cybersecurity/key-terms/update#term","name":"update","description":"In AP Cybersecurity, an update is software that a vendor releases to fix vulnerabilities or improve an operating system or application; keeping software updated removes known weaknesses so adversaries can't exploit them (EK 4.3.C.2).","url":"https://fiveable.me/ap-cybersecurity/key-terms/update","inDefinedTermSet":{"@type":"DefinedTermSet","name":"AP Cybersecurity Key Terms","url":"https://fiveable.me/ap-cybersecurity/key-terms"},"educationalAlignment":[{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.3, LO 4.3.A"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.3, LO 4.3.B"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.3, LO 4.3.C"},{"@type":"AlignmentObject","alignmentType":"educationalSubject","educationalFramework":"AP® Course and Exam Description","targetName":"AP Cybersecurity Unit 4, Topic 4.3, LO 4.3.D"}]},{"@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is an update in AP Cybersecurity?","acceptedAnswer":{"@type":"Answer","text":"It's new code a vendor releases to fix vulnerabilities or bugs in an OS or application. Applying it closes known security holes so adversaries can't exploit them (EK 4.3.C)."}},{"@type":"Question","name":"Is updating software actually a security measure or just maintenance?","acceptedAnswer":{"@type":"Answer","text":"Yes, it's a real security measure. When a vulnerability is discovered, attackers know where to strike, and the update removes that weakness, so staying updated is one of the most direct ways to protect a device (EK 4.3.C.2)."}},{"@type":"Question","name":"What's the difference between an update and a patch?","acceptedAnswer":{"@type":"Answer","text":"A patch is a small update that fixes one specific issue, while \"update\" is the broader term covering everything from a tiny patch to a major version upgrade (EK 4.3.C.1). On the exam, use \"patch\" when the question describes a small, targeted fix."}},{"@type":"Question","name":"Why does keeping software updated make a device more secure?","acceptedAnswer":{"@type":"Answer","text":"Because updates fix known vulnerabilities. An updated device doesn't have the weaknesses attackers already know how to exploit, so the door they'd use is already closed (EK 4.3.C.2)."}},{"@type":"Question","name":"Can an acceptable use policy require updates?","acceptedAnswer":{"@type":"Answer","text":"Yes. An AUP can require users to keep software updated, which turns updating into an enforceable organizational rule rather than just a personal choice (EK 4.3.A.1)."}}]},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"AP Cybersecurity","item":"https://fiveable.me/ap-cybersecurity"},{"@type":"ListItem","position":2,"name":"Key Terms","item":"https://fiveable.me/ap-cybersecurity/key-terms"},{"@type":"ListItem","position":3,"name":"Unit 4","item":"https://fiveable.me/ap-cybersecurity/unit-4"},{"@type":"ListItem","position":4,"name":"update"}]}]}
```
