[hypothesis]

But does it really do anything to secure a device that’s past EOL? Or is it a marketing action?

Long official support is absolutely a benefit when looking at smartphones, however, articles keep popping up about Apple basically buying and sitting on vulnerabilities for latest and greatest iOS, because that’s what works economically.

[canes123456]

What? Yes, Security updates for eol devices is clearly better than doing nothing. Apple’s externally facing vulnerability management program has a bunch of issues but I don’t see how that is relevant

[hypothesis]

Better for whom? It’s EOL. Are they just plugging high-visibility issues? That’s not doing anything for individual device’s security. They need a giant INSECURE sign instead of giving that false hope for people: “they might patch me past EOL if it’s bad enough”.

[illiac786]

Better for the users and for Apple. "less bad" is another way to put it, but it's the same result. I don't see what you're not getting: one security fix is good, even if there's 3 other huge security gaps. Makes the overall situation less bad (or "better"). You can debate about the magnitude of the improvement, but I really don't see how it can be argued there is no improvement...