Apple fixes bug that allowed the FBI to recover deleted messages from an iPhone

Apple has released an important security fix in iOS 26.4.2 and iPadOS 26.4.2, for iPhone and iPad respectively, both released this Tuesday. Both include a patch for a vulnerability identified as CVE-2026-28950, which allowed the FBI to extract messages from a suspect’s iPhone, even after they had been deleted within the app.

Although Apple has not referred to any specific case of exploitation of this ‘bug’ or failure, the fix comes after 404 Media published an article earlier this month detailing how the FBI managed to recover encrypted and deleted Signal messages from an iPhone.

The phone belonged to a suspect in the so-called Prairieland case, in which a group of people attacked the Prairieland immigration detention center in Alvarado, Texas, on the night of July 4, 2025, and a police officer was shot and wounded. The investigation also maintains that part of the coordination was done through Signal groups. The accused, including Lynette Sharp, the person whose phone was analyzed, were charged with alleged activities linked to the self-proclaimed ‘Antifa’.

The FBI managed to access the messages without breaking Signal’s signature end-to-end encryption or finding a way to exploit the app itself. Instead, it exploited a flaw in the internal iOS push notification database.

When the user received a Signal message, her iPhone generated a notification on the lock screen with a preview of the text. Although the user had set the messages to ‘disappear’ within Signal and later uninstalled the app completely, those previews remained on the device.

The text was saved in a system cache, allowing forensic tools to extract that data directly from the device. This method obviously has the important limitation that it can only retrieve incoming messages, not outgoing ones.

Before this new update from Apple, the only way to protect against this type of data extraction was to change notification settings. You could go into Signal and configure notifications to show ‘No name or content’, or modify that setting generally on iOS.

Apple, on its support page, describes the update as a fix for an issue for which ‘notifications marked for deletion may unexpectedly remain on the device’. It does not specifically mention Signal, but instead talks about the vulnerability as a flaw that affects notifications in general. The company notes that ‘a logging issue was addressed with an improvement to data redaction.’

SecurityWeek quotes a representative of Jamf, a company that develops software for managing Apple’s mobile devices and computers, saying that the exposure reached ‘any app that displays content in push notifications’.

‘We thank Apple for its quick action and their understanding of the importance of these types of issues. An ecosystem is needed to preserve the fundamental human right to private communication,’ Signal said on X.

The update is available for iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.