Apple has released a crucial update for iOS and iPadOS to correct a vulnerability in the Notification Services that inadvertently retained deleted notifications on devices. This flaw, identified as CVE-2026-28950, was a logging error which the company has now resolved through enhanced data redaction techniques.
Affected Devices and Patch Details
The glitch affected a wide range of Apple products including iPhone 11 and newer models, as well as various iPad generations, such as the iPad Pro, iPad Air, and iPad mini. The issue has been addressed in iOS 26.4.2 and iPadOS 26.4.2 for newer models, and in iOS 18.7.8 and iPadOS 18.7.8 for older versions.
This update follows a report by 404 Media which revealed that the FBI extracted Signal message copies from a defendant’s iPhone in a case involving the Prairieland ICE detention center. The messages, although the app was deleted, were accessible due to their storage in the device’s notification database.
Implications of the Security Breach
While it’s uncertain why these notifications were initially logged, the latest update indicates it was an unintentional bug. The timeline for when this issue first occurred remains unclear, as does the potential for authorities having previously accessed similar data through forensic methods.
The situation underscores the vulnerability of sensitive data when a device is physically accessed, despite Signal’s existing option to obscure message content in notifications. The Electronic Frontier Foundation (EFF) emphasized the importance of understanding what metadata can be extracted from notifications and whether they remain encrypted.
Steps for Enhanced User Privacy
Signal users concerned about privacy can adjust their settings by navigating to Profile > Notifications > Show and choosing “Name only” or “No name or message” to limit what appears in notifications. Signal assured users that no action is required on their part to benefit from the fix; once the update is installed, any unintentionally preserved notifications will be deleted.
Signal expressed gratitude to Apple for its prompt response to this critical privacy issue, highlighting the importance of collaborative efforts to safeguard the right to private communication.
