For anyone who still believes they don't have to apply OS and app software patches ASAP. https://www.infosecurity-magazine.com/news/2016-saw-702-million-exploit/https://www.infosecurity-magazine.com/news/2016-saw-702-million-exploit/
In general, when you're using AE then you should be safe, even without patching. Most exploits try to achieve code execution, AE will block this. Sandboxing browsers and other exploited apps is also a way to contain malware if AE is somehow bypassed.