Apple stopped releasing security updates for the iPhone 8+ last Fall. That’s the most minor form of support possible - seems dubious for them to argue that the 8+ is still supported when they won’t do at least that.
Can I sue them for failure to release updates for a product that’s allegedly “supported”? It required me to retire my phone and spend money on a newer one since my company (and many others) refused to permit devices that may not be secure on their network.
I think security updates in general are a fool's errand as Apple has already admitted they don't fully patch operating systems that aren't the "current" version. This is an issue Apple has itself created with the obsession on a yearly release cycle since 2011. The upshot is that Apple introduces vulnerable systems that never get patched correctly. "Here, have a new system with bugs we haven't discovered yet".
I don't think you'll ever see corporations agree to a yearly OS upgrade schedule due to the massive amount of hardware/software testing that is required--this is why they use Windows.
With 0 day exploits, security updates are a game of whack a mole that give a false sense of security. Even the shiny new systems have vulnerabilities that are unknown. At least with some older systems their holes are mostly known and can be mitigated. No operating system is 100% secure. And if you're using something truly obsolete like Windows 95, new viruses are "incompatible".
About software updates for Apple devices
"Note: Because of dependency on architecture and system changes to any current version of Apple operating systems (for example, macOS 14, iOS 17, and so on), not all known security issues are addressed in previous versions (for example, macOS 13, iOS 16, and so on)." So, we know there are security issues, but we aren't going to fix them.