Apple fixes iOS flaw that retained deleted notifications, allowing recovery of Signal and other chat message previews.
Apple has released an urgent security update to patch a privacy flaw in iOS and iPadOS that allowed deleted notifications, including previews from secure messaging apps, to remain stored on devices.
The vulnerability, tracked as CVE-2026-28950, affected the system’s Notification Services and could allow previously deleted message previews to be recovered through forensic tools. Reports indicate the flaw impacted notifications from apps such as Signal, raising concerns over user privacy and message retention.
Apple said the issue stemmed from a logging flaw where notifications marked for deletion were unexpectedly retained on the device. The company addressed the bug through improved data redaction and storage handling in iOS 26.4.2 and iPadOS 26.4.2.
The issue drew attention after reports suggested law enforcement agencies, including the FBI, had previously used forensic extraction tools to recover deleted message previews from iPhones during criminal investigations. In some cases, this included messages that had disappeared inside encrypted apps.
Security researchers noted that while the flaw did not directly compromise the messaging apps themselves, the operating system’s cached notification database created an unintended privacy exposure that could persist even after messages were deleted or the app was removed.
Apple is urging users with supported devices to install the latest software update immediately to ensure any inadvertently preserved notification data is removed and future retention is prevented.
Related articles :
- Germany Warns of Signal Phishing Targeting Officials
- Coruna iOS Exploit Kit Reuses Triangulation Zero-Days
- EncroChat leads to over 6500 arrests EUR 900 M seized
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
