> Device was instantly blocked by Apple from accessing most websites because the factory version of the OS was deemed insecure by Apple.
Is that your way of saying "it doesn't support any modern SSL ciphers?" I don't think there is anything built into the OS that asks Apple if it's allowed to visit websites.
Well, given it was both the update app and the web browser, not just the web browser, it's definitely built in. Unless their app updater/software updater is just Safari with an overlay.
The updater and Safari would use the same TLS/SSL library (which would only support older, no longer secure TLS ciphers and would have the same root certificates, some of which would be expired). If you put a recent version of Firefox or Chrome on (via a USB drive), they bundle their own TLS libraries and certificates so those would work.
(But in the same way the OS ones weren't working, you wouldn't be able to use a 12 year old version of Firefox or Chrome to access most websites either for the same reasons).
Either way, the inbuilt update system had zero way of updating itself or the OS to something that worked, and it resulted in a painful few hours of stepping the system up through various OS versions downloaded on other devices until it got to the end of the downloadable versions, and from there on it was inbuilt app for updates only. No downloadable OS. Which would indicate, since you can no longer download the latest OS ISOs, eventually they will block the last available ISOs from working on their app store and the devices will be bricks.
This is shite design. Let's not kid ourselves here. This is one of the wealthiest companies on earth and they control their entire hardware and software stack from the ground up. If they can't keep stuff sorted so when an old system plugs in it at least limp mode upgrades it to the latest offering that system was supported with, this isn't because it's something that's impossible, it's because they don't want to.
If community non-profit managed Linux distros can get installed on 15 year old machines and just, you know, sort out the drivers for the ancient ass tech in them without the user doing any more than running the update manager to hell Apple couldn't have worked out the same.
It's a load of crap sold under the guise of security. Some nefarious actor wants to dl updates from their servers for ancient tech? Why in the world should they not be able to? Their update servers shouldn't have any services attached other than being a glorified dl directory. It shouldn't even be something they care about because there is zero risk attached.
> This is shite design . . . [Stuff] sorted so when an old system plugs in it at least limp mode upgrades
It’s an economic- and risk-based calculation based on security.
You’re trying to get a TWELVE-YEAR OLD system online. Let’s see, since 2012, TLS 1.0 and TLS 1.1 have been officially deprecated (in 2021). In 2024, companies serving TLS 1.1 do not pass certain modern compliance standards. Mountain Lion from 2012 doesn’t support TLS 1.2. Are you arguing that they should leave around a TLS 1.1-based endpoint up, with ciphers that are no longer recommended? And how many CAs can still issue a valid cert trusted by a 12-yr old system?
> [there is zero risk attached]
Community-based Linux distros also offer HTTP (insecure) mirrors. There is also zero risk attached to the mirror serving HTTP. All the risk is on the user side. They don’t care that it’s an exploitable vector. They don’t have a commercial risk/downside. They didn’t sell fleets of old devices with their name on it.
> This is one of the wealthiest corporations on earth
Well, this is why. It’s because they spend their money wisely. They decided that supporting OSes over 7 years old (with god knows what unpatched critical vulns) is not money wisely spent and poses too much risk to their user populace, so they would rather not allow it, rather than support it. They don’t want to train their support on it and they don’t want to allow the possibility of punters getting their old hardware to an older release with open CVEs.
SSL/TLS/etc are libraries, yes. And the certificate store is an OS service.
Ancient software has trouble talking to modern services; modern services and devices don't want to fall back to speaking the old versions because of downgrade attacks.
And if you have an important CA certificate expire, you can't talk to anything.