...and yet Apple still fixes security bugs in your OS even if your laptop is outside of warranty. I say as long as the device still connects to the internet without a clear error message etc. it should be supported. Realistically the average user has better things to do than check the support period of a random network drive they bought at some sale.

They would. But if there was a software vulnerability that would wipe out the hard drives of computers still realistically in use, much past that 3 year agreement expiry? i'd expect them to be on that.

Suppose there were a vulnerability in Mac OS X Tiger that wiped the hard drive of any G4 Powerbook connected to the internet. Would you expect Apple to be on that?

Actually yes, in that scenario

There are almost 2800 CVEs listed for Mac OS. Do you really believe that none of those are remotely exploitable on some old version of Max OS?

The company is among the most responsive to security issues because security is directly tied to their core value around data privacy.

From conversations on this website about Apple's responsiveness/attitude to security researchers hunting bounties, I have gotten a contrary impression about Apple.

They are not perfect and not always as responsive as I’d like.

They issue security updates for their current OS and 2 versions before, AFAIK.

Is this your experience with Apple as a user or as a security researcher?

As a user interesting in security and following the field quite closely. I know about the limitations of their bug bounty program and some bad experiences some people have had with it. They still ship security updates to 8 years old devices and 3 years old OSes. Is that a problem?

I have two 2010-11 MacBook Pros that are working perfectly with their original mechanical hard drives. They even still get software updates.

My 15" 2013 MBP runs Big Sur just fine... Sure, not quite 12 years, but still

I have a 2010 MBP that I use as a print server... it still gets occasional updates.

What if the appliance has removable drives, so its life is much longer than the drives themselves?

e.g.: Live Duo 8TB: https://productimages.hepsiburada.net/s/12/500/8922723713074...

That... clearly isn't what GP is talking about? The word "software" was used.

Here is an at-the-time writeup of the unit in question: https://www.wired.com/2012/02/wd-my-book-live-duo/

WD sells the hardware, hard drive, and software as one sealed unit. The part that fails first will be the hard drive inside. The unit shouldn't be end-of-life until it actually should be expected to fail. (WD claims the units were end of life in 2016)

Yes, but there's a difference between the expected rate of mechanical failure, and the existence of a software bug.

The current fault erases everything on the drive. That can be equated fairly equally with mechanical failure. Let's imagine a different bug for instance, that allows anyone on the internet to read/write all the data on the drive. If one of these bugs emerged after 12 years, then there is a much stronger argument that the manufacturer should fix it, because it is a fundamental fault with the device.

Under the sale of goods act of 1979, the device must be suitable for the purpose for which it was sold, and there is no time limit on that, so any consumer with the device could demand that the person who sold it to them fix it. The device was unsuitable for the purpose for which it was sold from day one - it just took 12 years to find that out.