225/69 Friday, April 24, 2026
Apple has released security updates to address vulnerability CVE-2026-28950 in iOS and iPadOS, after discovering an issue in the notification handling system that allowed deleted notification data to remain stored on devices. The flaw has been fixed in iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8. Apple stated that the issue was resolved by improving the data redaction process.
The issue gained attention after reports indicated that law enforcement authorities were able to recover message content from Signal via residual notification data, even after the messages had been deleted and the app uninstalled. Importantly, the recovered data did not come from Signal’s encrypted message database, but rather from notification data cached by the iOS system. Apple has not disclosed further technical details and has not confirmed any widespread exploitation of the vulnerability.
Security experts strongly recommend that users update their devices to the latest versions as soon as possible, especially those using messaging apps or applications that display sensitive content in notifications. Signal has confirmed that once the update is installed, any residual notification data unintentionally stored will be removed, and future notifications from deleted apps will no longer persist in the same way.
Source https://www.securityweek.com/apple-patches-ios-flaw-allowing-recovery-of-deleted-chats/