APPLE fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from Signal. Apple released updates for iOS and iPadOS to address the vulnerability CVE-2026-28950, a flaw in Notification Services that stored notifications even after deletion, with the company saying the fix improves how data is redacted and handled on devices.
The patch arrives alongside an FBI-related forensics discussion about Signal messages on an iPhone, which helped reignite debates about mobile privacy and whether disappearing messages truly erase traces. Investigators recovered only incoming messages from a suspect’s iPhone after Signal had been uninstalled, not outgoing ones, because the data came from Apple’s push notification storage rather than Signal’s encryption.
According to Apple, the issue impacts iPhone 11 and later, various iPad and iPhone models across multiple generations, and several iPad and iPhone variants listed in the advisory; iOS 26.4.2 and iPadOS 26.4.2, and iOS 18.7.8 and iPadOS 18.7.8 releases address the flaw. Signal welcomed the quick fix, noting that no user action is required and that stored notifications are deleted after installing the update.