[klodolph]

The way iOS and macOS applications are verified is by signing the application package itself, presumably the OS updates use a similar mechanism. At that point it is irrelevant whether the connection used to download the package is secure. This is similar to the way that packages for most (sane) Linux distributions are signed. The advantage to this technique is twofold: that there are network environments where SSL communication is not possible, and you can distribute updates offline or from your own server and devices will still accept the updates.

[0x0]

No, iOS updates require online validation because the boot rom will issue a one-time challenge based in part on the device's unique serial number, and it needs to be granted a "ticket" response by the apple servers. This is why you usually can't downgrade iOS versions (as the apple servers will refuse to grant a ticket for old versions). Google keywords: apnonce, apticket, shsh blobs, signing window

[klodolph]

This comment appears to add additional, specific information to my general comment rather than disagreeing with what I said, but the comment starts with "no", which implies otherwise.

The core idea here is that SSL is not necessary if the data is signed through some other mechanism.

[mikeash]

I think "no" was due to "you can distribute updates offline or from your own server and devices will still accept the updates." I assume you just meant that as a general thing, but one could read the comment as saying that because iOS signs updates this way, it can do offline updates.

[bdrool]

As I mentioned here[1], it's more about the user experience than security, sorry, I should have been more clear.

[1] https://news.ycombinator.com/item?id=14028693