The signing of an update prevents non-Apple sources to install their software. It doesn't prevent a malicious actor from installing an Apple update. (Suppose a user has a phone with iOS 16 but does not want iOS 17.)
They have an unopened/unsetup phone (I would assume this feature gets disabled once the phone is set up) with iOS 16 that they own, and someone with bad intentions wants to forcibly update it to iOS 17?
I mean, technically there is an attack vector there, but it's oddly specific, and since the attacker needs physical access anyways, you've got other problems (i.e. someone got into your home).
