[eugeniub]

It's worth noting that Apple also sometimes releases security updates for devices that no longer support the latest iOS. For example, Apple released security update iOS 12.5.4[1] on June 14, 2021 for the iPhone 5s and iPhone 6.

[1]: https://support.apple.com/en-us/HT212548

[cogman10]

That's the sort of thing that buys a LOT of good will for me.

[hypothesis]

But does it really do anything to secure a device that’s past EOL? Or is it a marketing action?

Long official support is absolutely a benefit when looking at smartphones, however, articles keep popping up about Apple basically buying and sitting on vulnerabilities for latest and greatest iOS, because that’s what works economically.

[canes123456]

What? Yes, Security updates for eol devices is clearly better than doing nothing. Apple’s externally facing vulnerability management program has a bunch of issues but I don’t see how that is relevant

[hypothesis]

Better for whom? It’s EOL. Are they just plugging high-visibility issues? That’s not doing anything for individual device’s security. They need a giant INSECURE sign instead of giving that false hope for people: “they might patch me past EOL if it’s bad enough”.

[illiac786]

Better for the users and for Apple. "less bad" is another way to put it, but it's the same result. I don't see what you're not getting: one security fix is good, even if there's 3 other huge security gaps. Makes the overall situation less bad (or "better"). You can debate about the magnitude of the improvement, but I really don't see how it can be argued there is no improvement...