Apple has released iOS 26.4.2 and iPadOS 26.4.2 on April 22, 2026, effectively resolving a significant privacy vulnerability linked to notification services. This flaw, identified as CVE-2026-28950, had allowed law enforcement agencies to retrieve content from Signal messages on iPhones, even after the app was uninstalled.
Details of the Security Vulnerability
The privacy issue originated from a logging error within Apple’s notification system. Notifications intended for deletion were inadvertently kept on the device, leaving sensitive message previews accessible beyond their intended lifespan. Apple tackled the issue by enhancing data redaction processes within its logging framework.
The flaw was brought to light by 404 Media, which reported that the FBI managed to extract Signal message content from a suspect’s iPhone during an investigation. This raised concerns about the potential forensic value of retained notification previews, despite the removal of the app from the device.
Signal’s Response and Apple’s Prompt Action
Signal publicly commended Apple for swiftly addressing the vulnerability following its disclosure. In a statement on X, the messaging platform confirmed that the latest update not only prevents future notifications from persisting after an app’s deletion but also purges previously stored data on impacted devices.
The rapid response from Apple underscores the significance of maintaining privacy standards, especially given Signal’s reputation as a leading encrypted messaging service. The incident highlights the challenges involved in ensuring comprehensive device-level privacy.
Device Compatibility and Installation
The update is compatible with a wide array of Apple devices, including iPhone 11 and newer, iPad Pro (3rd generation and later), iPad Air (3rd generation and later), and other recent models. Users with older devices can apply a similar fix through iOS 18.7.8 and iPadOS 26.4.2.
The update, identified by build number 23E261 and sized between 670–770 MB, is currently available. Users can install the patch by navigating to Settings > General > Software Update on their devices.
Stay informed with daily cybersecurity updates by following us on Google News, LinkedIn, and X. Reach out to share your stories with us.
