I think the issues you refer to are hitting desktops not phones.

If you get hit with malware or a broken vendor 'upgrade' your device is unusable. Search the web for "iphone bricked after upgrade" and there's a plethora of results. It's not restricted to phones. Desktop/Laptop computers have suffered post-upgrade-doorstop syndrome. It's infrequent, but if it's you it's once too often.

A patch that was released 3 months ago can be applied manually, at a time of your choosing, with a lower risk footprint than automatic updates. With automatic updates you don't know if that patch 3 months ago was successfully applied or not.

Patch/upgrade: Yes. Automatically? You take your chances and sooner or later you get burned. Only depend on patches/upgrades? No. More is needed, including OP's not opening 'unsafe' documents.