Many programs need to be updated to avoid security vulnerabilities. As far as I understand these vulnerabilities can be exploited (in some cases) even if the program is not run anymore. E.g Java is constantly updated due to a number of issues (including many security issues) and as the old versions are not automatically removed, the advice is to remove these manually via add/remove. I am wondering if any unpatched software in backup snapshots could "theoretically" be exploited? If I were to boot in these snapshots, of course I could update and patch whatever needs attention but what about those slumbering snapshots for the potential emergency?