Comment by charcircuit
6 hours ago
This is industry standard. Flashing old updates that are insecure to bypass security is a legitimate attack vector that needs to be defended against. Ideally it would still be possible up recover from such a scenario by flashing the latest update.
Standard?? The standard is for the upgrade to be refused or not boot until you flash a newer one, not to brick the phone permanently. It's not an "ideally" thing for the manufacturer to not intentionally brick your device you bought and paid for.
What's being attacked in this particular case?
The phone. It's the same attacks that secure boot tries to protect against. The issue is that these old, vulnerable versions have a valid signature allowing them to be installed.