Downloading an iOS update is like getting a haircut or taking out life insurance; you’ll get to it eventually. The security fixes in iOS 9.2.1, though, available as of this week, earn it a place at the top of your to-do list.

Most notably, the firmware upgrade resolves a security bug that researchers first reported to Apple in the summer of 2013, back when Macklemore topped the charts and the Atlanta Braves were not terrible at baseball. A different world! That specific vulnerability, discovered by Skycure, allowed bad actors to create phony “captive portals”—usually a log-in or authentication page—that would allow the attacker to impersonate the victim on a given site, execute a malicious JavaScript, or log the user into an attacker-controlled account.

“This is the longest it has taken Apple to fix a security issue reported by us. It is important to note that the fix was more complicated than one would imagine,” wrote Skycure CTO Yair Amit in a post announcing the fix. “However, as always, Apple was very receptive and responsive to ensure the security of iOS users.” Important, too, is that despite lurking for so long, this attack was never spotted in the wild.

While that bug headlines the update, it’s joined by a dozen other security patches, three of which were spotted by Ian Beer of Google’s “Project Zero” bug-squashing team.

One hiccup that iOS 9.2.1 doesn’t address? A problem with the battery percentage indicator that’s been a minor annoyance to some iPhone 6S and 6S Plus owners. Still, best not to wait for that fix to come around before going through the install process. All these security fixes may be under the hood, but they’re important for your safety—especially now that the vulnerabilities they patch up are all public knowledge.