Well given it was both the update app and the web browser, not just the web browser. It's definitely built in. Unless their app updater/software updater is just safari with an overlay.
The updater and Safari would use the same TLS/SSL library (which would only support older, no longer secure TLS ciphers and would have the same root certificates, some of which would be expired). If you put a recent version of Firefox or Chrome on (via a USB drive), they bundle their own TLS libraries and certificates so those would work.
(But in the same way the OS ones weren't working, you wouldn't be able to use a 12 year old version of Firefox or Chrome to access most websites either for the same reasons).
Either way the inbuilt update system had zero way of updating itself or the OS to something that worked and it resulted in a painful few hours of stepping the system up through various OS versions downloaded on other devices until it got to the end of the downloadable versions, and from there on it was inbuilt app for updates only. No downloadable OS. Which would indicate since you can no longer download the latest OS iso's eventually they will block the last available Iso's one from working on their app store and the devices will be bricks.
This is shite design. Let's not kid ourselves here. This is one of the wealthiest companies on earth and thy control their entire hardware and software stack from the ground up. If they can't keep stuff sorted so when an old system plugs in it atleast limp mode upgrades it to the latest offering that system was supported with, this isn't because it's something that's impossible, it's because they don't want to.
If community non profit managed linux distros can get installed on 15 year old machines and just you know, sort out the drivers for the ancient ass tech in them without the user doing any more than running the update manager to hell apple couldn't have worked out the same.
It's a load of crap sold under the guise of security. Some nefarious actor wants to dl updates from their servers for ancient tech? Why in the world should they not be able to? Their update servers shouldn't have any services attached other than being a glorified dl directory.it shouldn't even be something they care about because there is zero risk attached.
SSL/TLS/etc are libraries, yes. And the certificate store is an OS service.
Ancient software has trouble talking to modern services; modern services and devices don't want to fall back to speaking the old versions because of downgrade attacks.
And if you have an important CA certificate expire, you can't talk to anything.
stephen_g|1 year ago
(But in the same way the OS ones weren't working, you wouldn't be able to use a 12 year old version of Firefox or Chrome to access most websites either for the same reasons).
gtvwill|1 year ago
This is shite design. Let's not kid ourselves here. This is one of the wealthiest companies on earth and thy control their entire hardware and software stack from the ground up. If they can't keep stuff sorted so when an old system plugs in it atleast limp mode upgrades it to the latest offering that system was supported with, this isn't because it's something that's impossible, it's because they don't want to.
If community non profit managed linux distros can get installed on 15 year old machines and just you know, sort out the drivers for the ancient ass tech in them without the user doing any more than running the update manager to hell apple couldn't have worked out the same.
It's a load of crap sold under the guise of security. Some nefarious actor wants to dl updates from their servers for ancient tech? Why in the world should they not be able to? Their update servers shouldn't have any services attached other than being a glorified dl directory.it shouldn't even be something they care about because there is zero risk attached.
mlyle|1 year ago
Ancient software has trouble talking to modern services; modern services and devices don't want to fall back to speaking the old versions because of downgrade attacks.
And if you have an important CA certificate expire, you can't talk to anything.