In response to the DarkSword vulnerabilities, Apple released backported security fixes for several iOS versions. They also started sending push notifications to get users to update:

"Critical Security Update Needed: Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone."

How does this notification work? Did they foresee the need to send security alerts and build that capability into iOS years ago? After days of capturing my iPhone 7 network traffic while waiting to get the alert, I finally got it.

Turns out they send a push notification targeted at itunesstored, with identifier com.apple.AMSFollowUpIdentifier.Billing. AMS means Apple Media Services. That sounds like it's the kind of alert they send for "your card was declined when charging your monthly Apple Music subscription".

This notification mechanism is flexible enough that they can set the text to "Critical Security Update Needed" and the link target to prefs:root=General&path=SOFTWARE_UPDATE_LINK so it takes you to the Software Updates screen. That's a clever hack... but man, it's a hack.