Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages

Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages Ravie LakshmananApr 23, 2026Vulnerability / Encryption Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction. "Notifications marked for deletion could be unexpectedly retained on the device," Apple said in an advisory. The shortcoming affects the following devices - iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later - Fixed in iOS 26.4.2 and iPadOS 26.4.2 iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), iPhone 16e, iPad mini (5th generation - A17 Pro), iPad (7th generation - A16), iPad Air (3rd - 5th generation), iPad Air 11-inch (M2 - M3), iPad Air 13-inch (M2 - M3), iPad Pro 11-inch (1st generation - M4), iPad Pro 12.9-inch (3rd - 6th generation), and iPad Pro 13-inch (M4) - Fixed in iOS 18.7.8 and iPadOS 18.7.8 The update comes weeks after a report from 404 Media that the U.S. Federal Bureau of Investigation (FBI) managed to forensically extract copies of incoming Signal messages from a defendant's iPhone in connection with an attack on the Prairieland ICE detention center facility, even after the app was deleted, by taking advantage of the fact that copies of the content were saved in the device's push notification database. It's not known why the notifications' content was logged in the device to begin with, but the latest update suggests it was a bug. That said, it's unclear when this issue was introduced, and if there have been prior cases where such data may have been captured by authorities using forensic tools. While Signal already has an option to prevent the content of incoming messages from being displayed in notifications, the development highlighted how physical access to a device can facilitate the extraction of sensitive data from at-risk users. "For most app notifications, there's no simple way to easily figure out what metadata might be gleaned from a notification, or if the notification is unencrypted or not," the Electronic Frontier Foundation (EFF) said. "It's also good to reconsider whether any app should be sending you notifications to begin with." To prevent the message content from showing in notifications, users can navigate to their profile > Notifications > Show, and select one of the following: "Name only" or "No name or message." "Note that no action is needed for this fix to protect Signal users on iOS," Signal said in a post on X. "Once you install the patch, all inadvertently-preserved notifications will be deleted, and no forthcoming notifications will be preserved for deleted applications." "We're grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Apple, cybersecurity, data privacy, digital forensics, encryption, iOS, iPadOS, Signal, Vulnerability Trending News Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Your MTTD Looks Great. Your Post-Alert Gap Doesn't OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution Why Threat Intelligence Is the Missing Link in CTEM Prioritization and Validation Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Why Security Leaders Are Layering Email Defense on Top of Secure Email Gateways Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users The Hidden Security Risks of Shadow AI in Enterprises New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released Load More ▼ Popular Resources Discover Key AI Security Gaps CISOs Face in 2026 Automate Alert Triage and Investigations Across Every Threat How to Identify Risky Browser Extensions in Your Organization Fix Rising Application Security Risks Driven by AI Development