Apple Fixes Notification Privacy Flaw That Allowed FBI to Access Deleted Signal Messages

Home Cyber Security Apple Fixes Notification Privacy Flaw That Allowed FBI to Access Deleted Signal... Apple released iOS 26.4.2 and iPadOS 26.4.2 on April 22, 2026, to patch a critical notification privacy vulnerability that allowed law enforcement to extract Signal message content from iPhones — even after the app had been deleted. The flaw, tracked as CVE-2026-28950, stems from a logging issue in Apple’s notification services. Notifications marked for deletion were unexpectedly retained on the device, potentially leaving sensitive message previews to persist long after users believed they had been wiped. Apple addressed the root cause through improved data redaction in its logging framework. The vulnerability gained public attention after investigative outlet 404 Media reported that the FBI had successfully extracted Signal message notification content from a suspect’s iPhone during a criminal investigation, despite Signal being uninstalled from the device. The retained notification previews provided enough readable content to be forensically valuable to investigators. Signal Praises Apple’s Swift Response Signal acknowledged the patch publicly, praising Apple for acting quickly after the disclosure. In a post on X, the encrypted messaging platform confirmed that the update not only prevents future notifications from lingering for deleted apps but also automatically clears previously retained notification data on affected devices. WE ARE VERY HAPPY THAT TODAY APPLE ISSUED A PATCH AND A SECURITY ADVISORY. THIS COMES FOLLOWING @404MEDIACO REPORTING THAT THE FBI ACCESSED SIGNAL MESSAGE NOTIFICATION CONTENT VIA IOS DESPITE THE APP BEING DELETED. APPLE’S ADVISORY CONFIRMED THAT THE BUGS THAT ALLOWED THIS TO… — Signal (@signalapp) April 22, 2026 This is particularly significant given Signal’s reputation as a gold-standard privacy tool. The fact that iOS’s own notification infrastructure could inadvertently undermine Signal’s end-to-end encryption at the OS level highlights the complexity of securing a full device privacy stack. The update applies to a broad range of Apple hardware: iPhone 11 and later iPad Pro 12.9-inch (3rd generation and later), 11-inch (1st generation and later) iPad Air 3rd generation and later iPad 8th generation and later iPad mini 5th generation and later Users on older devices can apply the same fix via iOS 18.7.8 and iPadOS 26.4.2. Build 23E261, approximately 670–770 MB, is available now. Navigate to Settings > General > Software Update to install the patch immediately. Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories. RELATED ARTICLESMORE FROM AUTHOR Cyber Security Critical Pack2TheRoot Vulnerability Let Attackers Gain Root Access or Compromise the System Cyber Attack News Checkmarx KICS Official Docker Repo Compromised to Inject Malicious Code Cyber Security News 109 Fake GitHub Repositories Used to Deliver SmartLoader and StealC Malware Top 10 Top 10 Best User Access Management Tools in 2026 April 4, 2026 Top 10 Best VPN For Chrome in 2026 April 4, 2026 20 Best Application Performance Monitoring Tools in 2026 April 3, 2026 Top 10 Best VPN For Linux In 2026 April 3, 2026 10 Best VPN For Privacy In 2026 April 2, 2026