Apple patches iOS bug that allowed the FBI to read Signal messages

Apple has released an out-of-band update for iOS and iPadOS, in versions 26.4.2 and 18.7.8. It is intended to fix a vulnerability in Notification Services. The bug, CVE-2026-28950, caused deleted notifications to remain stored on the device. The FBI reportedly exploited this to recover Signal messages.

Apple describes the issue as follows: “Notifications marked for deletion might have been unexpectedly retained on the device.” The company has resolved the issue through improved data redaction, including the removal of existing cached copies, but provides no further technical details on how long data could remain on a device or how it could be recovered.

How the FBI Retrieved Signal Messages

The real reason behind the emergency update becomes clearer through reports elsewhere. These describe how the FBI managed to recover deleted Signal messages from a suspect’s iPhone. The recovered data came from iOS’s internal notification storage, not from Signal’s own encrypted message archive. According to court documents published by supporters of the suspects, the notifications were still present even after Signal had been completely removed from the device.

Signal has expressly thanked Apple for its swift response. The communications team states that this step demonstrates Apple’s understanding of the sensitivity of this issue as part of an “ecosystem designed to safeguard the fundamental human right to private communication.”

What can users do?

Users are advised to install iOS 26.4.2 as soon as possible via Settings > General > Software Update. Those still running iOS 18 can update to iOS 18.7.8. Apple has not confirmed whether the vulnerability was actively exploited, nor why the update was released outside the usual release cycle.

Those who want to be extra cautious can adjust the notification settings in Signal. Via Settings > Notifications > Notification Content, it is possible to limit the display to “Name Only” or “No Name or Content.” This prevents message content from appearing in the iOS notification storage at all.
