But does it really do anything to secure a device that’s past EOL? Or is it a marketing action?
Long official support is absolutely a benefit when looking at smartphones, however, articles keep popping up about Apple basically buying and sitting on vulnerabilities for latest and greatest iOS, because that’s what works economically.
What? Yes, Security updates for eol devices is clearly better than doing nothing. Apple’s externally facing vulnerability management program has a bunch of issues but I don’t see how that is relevant
Better for whom? It’s EOL. Are they just plugging high-visibility issues? That’s not doing anything for individual device’s security. They need a giant INSECURE sign instead of giving that false hope for people: “they might patch me past EOL if it’s bad enough”.
Better for the users and for Apple. "less bad" is another way to put it, but it's the same result. I don't see what you're not getting: one security fix is good, even if there's 3 other huge security gaps. Makes the overall situation less bad (or "better"). You can debate about the magnitude of the improvement, but I really don't see how it can be argued there is no improvement...
Long official support is absolutely a benefit when looking at smartphones, however, articles keep popping up about Apple basically buying and sitting on vulnerabilities for latest and greatest iOS, because that’s what works economically.