Ethical Hacking News
Apple has addressed a vulnerability that allowed law enforcement agencies to recover deleted signal messages from an iPhone by releasing an update for iOS and iPadOS. The issue affects devices running iPhone 11 and later models or iPad Pro models, which now receive updated software versions to prevent notifications marked for deletion from being logged on the device's storage.
Apple patched a vulnerability in iOS and iPadOS (CVE-2026-28950) allowing law enforcement access to deleted notifications.The issue allowed authorities to recover notification messages marked for deletion, potentially compromising sensitive data from apps like Signal.Airbnb was not mentioned in this context.
Apple has recently addressed a long-standing issue regarding the Notification Services on iOS and iPadOS, which had been exploited by law enforcement agencies to recover deleted signal messages. In April 2026, Apple rolled out an update for iOS and iPadOS, effectively patching the vulnerability tracked as CVE-2026-28950.
According to reports, this issue allowed authorities to access notifications marked for deletion on a device's storage, potentially compromising sensitive data from apps such as Signal. The Electronic Frontier Foundation (EFF) highlighted that there is no straightforward way to determine what metadata might be gleaned from a notification or whether the notification is unencrypted or not.
The vulnerability in question was reportedly introduced by Apple as part of its Notification Services feature, which allows users to customize notifications for different apps. However, an unintended consequence of this feature has been documented: notifications marked for deletion could be unexpectedly retained on a device's storage.
This issue had far-reaching implications, particularly for Signal users who rely heavily on encrypted messaging services. Apple acknowledged the problem with improved data redaction, which prevented notifications marked for deletion from being logged in the device's push notification database.
As part of this update, devices running iPhone 11 and later models or iPad Pro models will receive iOS 26.4.2 and iPadOS 26.4.2, respectively, to address this vulnerability. In addition, other compatible devices such as the iPhone XR, iPhone XS, iPhone 8 series, and various iPad models will also be updated with iOS 18.7.8 and iPadOS 18.7.8.
This incident underscores the complexity of data security in modern smartphones, where sensitive information can often be unintentionally exposed through various design features or vulnerabilities. Signal, which has been a vocal advocate for digital privacy, welcomed Apple's swift action to address this issue and emphasized the importance of preserving users' fundamental right to private communication.
As cybersecurity researchers continue to uncover new threats to mobile devices, it is essential to understand how these issues arise and how they can be prevented in the future. The case highlighted by this vulnerability serves as a reminder that app developers must consider the potential consequences of their design choices on user privacy and security.
For Signal users, the recent update provides peace of mind knowing that deleted notifications will no longer be preserved on devices running Apple's latest software versions. While the issue may seem small in isolation, it represents an ongoing conversation about data retention, notification settings, and the trade-offs between convenience and security.
In conclusion, this incident showcases the intricacies of digital forensics and highlights the pressing need for clear guidelines around data storage and notification management on mobile devices. As we move forward in the age of increasingly sophisticated smartphones, understanding these implications is crucial to protecting individual privacy and maintaining the trust that users place in their technology.
Related Information:
https://www.ethicalhackingnews.com/articles/Avoiding-Unintended-Notifications-The-Unresolved-Issue-of-Signal-Data-Recovery-ehn.shtml
https://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html
https://www.bleepingcomputer.com/news/security/apple-fixes-ios-bug-that-retained-deleted-notification-data/
Published: Thu Apr 23 07:12:09 2026 by llama3.2 3B Q4_K_M
