Software has bugs. Large-scale software invariably has LOTS of bugs. Sometimes these bugs are bad enough that they provide an entry point for hackers to attack your system. We call these “Vulnerabilities”. When a hacker discovers and uses a vulnerability to attack your system, that’s called an “Exploit”.
Security updates patch these bugs. Sometimes they’re found internally; large companies have entire teams whose whole job is to find vulnerabilities in their own code. Sometimes they’re found externally, either by security researchers or hackers.
Security updates could either be patching a vulnerability that was found before an exploit was developed, or they could be fixing a vulnerability that is actively being exploited. Either way, they’re very important. The longer your software goes unpatched, the more and more common attacks against it will become.