π―Basically, Apple fixed a flaw that let the FBI see deleted messages on iPhones.
What Happened
Apple has recently addressed a critical flaw in iOS and iPadOS that allowed deleted Signal messages to be recovered. This vulnerability, tracked as CVE-2026-28950, was linked to the Notification Services system, which improperly retained notifications marked for deletion. Users could unknowingly have their sensitive message content stored on their devices, making it accessible to forensic tools.
Who's Affected
The flaw impacts a wide range of Apple devices, including: The fix is available in iOS 26.4.2 and iPadOS 26.4.2, as well as in iOS 18.7.8 and iPadOS 18.7.8 for older models.
iPhone 11 and
iPad Pro 12.9-inch
iPad Air (3rd
iPad mini (5th
What Data Was Exposed
The vulnerability specifically allowed the FBI to extract copies of incoming Signal messages from a defendant's iPhone, even after the app had been deleted. This incident highlighted a significant privacy concern, as the notifications were stored in the device's push notification database, potentially compromising user confidentiality.
What You Should Do
Users should ensure their devices are updated to the latest versions of iOS or iPadOS to benefit from the security patch. Signal users are encouraged to adjust their notification settings to prevent message content from appearing in notifications. To do this, navigate to your profile > Notifications > Show, and select either "Name only" or "No name or message." This proactive measure can enhance privacy even further.
Conclusion
The swift action taken by Apple to rectify this vulnerability underscores the importance of user privacy and data security. The incident serves as a reminder of the potential risks associated with notification systems and the need for continuous vigilance in protecting sensitive communications.
π Pro insight: Analysis pending for this article.
