Apple fixes iOS bug that retained deleted notification data

Summary

Apple released out-of-band security updates for iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to fix CVE-2026-28950, a flaw where notifications marked for deletion remained stored on devices. The vulnerability likely stems from a recent FBI case where Signal message notifications were recovered from a suspect's iPhone even after deletion. Apple improved data redaction to fix the issue but provided no details on exploitation or technical specifics.

Full text

Apple fixes iOS bug that retained deleted notification data By Lawrence Abrams April 22, 2026 04:58 PM 0 Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. The bug, tracked as CVE-2026-28950, was fixed on April 22, 2026, in iOS 26.4.2 and iPadOS 26.4.2 and in iOS 18.7.8 and iPadOS 18.7.8. "Notifications marked for deletion could be unexpectedly retained on the device," reads the Apple security bulletin. Apple says the flaw was fixed through improved data redaction but provided no additional information. However, the company has not said whether the flaw was exploited in attacks or why it was addressed outside the normal security update cycle. Apple also did not share technical details about how long notification data remained on the device or how it could potentially be recovered. While Apple has not explained why it released this emergency update, recent reporting by 404 Media described how the FBI recovered copies of Signal messages from a suspect's iPhone, even after they had been deleted in the app. According to trial notes published by supporters of the defendants, the recovered data did not come from Signal's encrypted message store, but instead from iPhone's notification storage. "Messages were recovered from Sharp's phone through Apple's internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory," the notes state. 404 also reported the notification data was retained even after Signal was deleted from the device. Apple's advisory does not reference the case, but its description of notifications being retained on the device closely aligns with the type of data persistence described in that report. Users are advised to install the latest updates as soon as possible to prevent deleted notification data from being unexpectedly retained on their devices. Furthermore, it is possible to prevent Signal message content from being retained in the iOS notification data storage by going to Signal Settings > Notifications> Notification content and setting Show to "Name Only" or "No Name or Content". BleepingComputer contacted Apple with questions about these updates, but has not yet received a response. 99% of What Mythos Found Is Still Unpatched. AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. Claim Your Spot Related Articles: Apple patches older iPhones and iPads against Coruna exploitsApple expands iOS 18 updates to more iPhones to block DarkSword attacksCoruna iOS exploit framework linked to Triangulation attacksCISA orders feds to patch DarkSword iOS flaws exploited attacksSpyware-grade Coruna iOS exploit kit now used in crypto theft attacks

Indicators of Compromise

• cve — CVE-2026-28950

Entities