You are conflating the CA system traditionally used on the Web with SSL itself. Apple does not depend on other certificate authorities to sign its software. Anybody can create their own root CA — it just won't be trusted by browsers out of the box.