Apple Resolves iPhone Privacy Flaw Affecting Signal

Apple Resolves iPhone Privacy Flaw Affecting Signal

Posted on By CWS

Apple has released iOS 26.4.2 and iPadOS 26.4.2 on April 22, 2026, effectively resolving a significant privacy vulnerability linked to notification services. This flaw, identified as CVE-2026-28950, had allowed law enforcement agencies to retrieve content from Signal messages on iPhones, even after the app was uninstalled.

Details of the Security Vulnerability

The privacy issue originated from a logging error within Apple’s notification system. Notifications intended for deletion were inadvertently kept on the device, leaving sensitive message previews accessible beyond their intended lifespan. Apple tackled the issue by enhancing data redaction processes within its logging framework.

The flaw was brought to light by 404 Media, which reported that the FBI managed to extract Signal message content from a suspect’s iPhone during an investigation. This raised concerns about the potential forensic value of retained notification previews, despite the removal of the app from the device.

Signal’s Response and Apple’s Prompt Action

Signal publicly commended Apple for swiftly addressing the vulnerability following its disclosure. In a statement on X, the messaging platform confirmed that the latest update not only prevents future notifications from persisting after an app’s deletion but also purges previously stored data on impacted devices.

The rapid response from Apple underscores the significance of maintaining privacy standards, especially given Signal’s reputation as a leading encrypted messaging service. The incident highlights the challenges involved in ensuring comprehensive device-level privacy.

Device Compatibility and Installation

The update is compatible with a wide array of Apple devices, including iPhone 11 and newer, iPad Pro (3rd generation and later), iPad Air (3rd generation and later), and other recent models. Users with older devices can apply a similar fix through iOS 18.7.8 and iPadOS 26.4.2.

The update, identified by build number 23E261 and sized between 670–770 MB, is currently available. Users can install the patch by navigating to Settings > General > Software Update on their devices.

Stay informed with daily cybersecurity updates by following us on Google News, LinkedIn, and X. Reach out to share your stories with us.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email Huge Wave of Malicious Efimer Malicious Script Attack Users via WordPress Sites, Malicious Torrents, and Email Cyber Security News
GhostBat RAT Android Malware With Fake RTO Apps Steals Targeting Indian Users to Steal Banking Data GhostBat RAT Android Malware With Fake RTO Apps Steals Targeting Indian Users to Steal Banking Data Cyber Security News
Phorpiex Botnet’s Evolving Threats: Ransomware and More Phorpiex Botnet’s Evolving Threats: Ransomware and More Cyber Security News
Hackers Exploit Obsidian Plugin for Cross-Platform Malware Hackers Exploit Obsidian Plugin for Cross-Platform Malware Cyber Security News
Hackers Weaponize SVG Files and Office Documents to Target Windows Users Hackers Weaponize SVG Files and Office Documents to Target Windows Users Cyber Security News
Flowise Vulnerability Exposes Millions to Remote Code Risks Flowise Vulnerability Exposes Millions to Remote Code Risks Cyber Security News