Apple patches iOS bug that caused deleted Signal notifications to persist

Colleagues, please note a cybersecurity incident. Apple released a patch for CVE‑2026‑28950: notifications marked for deletion could remain in the device’s local database.
Briefly:
- 404 Media reported the FBI extracted copies of incoming Signal messages from iPhones via retained notifications.
- Apple said the issue was due to logging and has remedied it by improving data sanitisation.
- Fixes are available in iOS/iPadOS (including 26.4.2 and 18.7.8); Signal confirms retained notifications are removed after updating.
Why it matters: physical access to a device can lead to message exposure — apply updates and review notification settings.
Have you checked your organisation’s devices for updates?
#cybersecurity #iOS #privacy #forensics


Latest comments
No comments yet.