
Apple Patches iOS Bug That Let FBI Recover Deleted Signal Message Notifications
Key Takeaways
- Apple issued out-of-band updates fixing CVE-2026-28950 that allowed deletion-marked notifications to remain.
- The flaw allowed the FBI to recover deleted Signal messages from the notification cache.
- Fix prevents deletion-marked notifications from persisting on iPhone and iPad.
Bug, patch, and the FBI case
Apple has released out-of-band security updates for iPhone and iPad that fix a Notification Services flaw tied to the FBI's ability to recover deleted Signal messages from an iPhone’s notification storage.
Multiple outlets describe the vulnerability as a bug that caused “notifications marked for deletion” to be “unexpectedly retained on the device,” with Apple describing the issue as “Notifications marked for deletion might have been unexpectedly retained on the device.”

Techzine Global reports Apple released out-of-band updates for iOS and iPadOS, versions 26.4.2 and 18.7.8, to fix the vulnerability tracked as CVE-2026-28950.
Help Net Security similarly says Apple rolled out security updates for iPhones and iPads that fix CVE-2026-28950, describing it as “a logging issue in Notification Services.”
The reporting ties the disclosure to court documents unsealed in Texas federal court, which 404 Media first highlighted on April 9, in a case involving an attack on the Prairieland ICE Detention Facility last July.
TechCrunch adds that Apple’s security notice said the bug meant “notifications marked for deletion could be unexpectedly retained on the device,” and it frames the issue as a result of message content being cached in notifications that displayed the messages’ content.
PCMag reports the update arrived on Wednesday, April 22, and says the flaw meant iPhone and iPad notifications would be accessible on a device for up to a month, while the FBI recovered previews of incoming messages displayed on the phone's home screen from its push notifications database.
How deleted messages resurfaced
The core allegation in the reporting is that the FBI did not break Signal’s encryption, but instead extracted readable previews from Apple’s internal notification storage after Signal messages were deleted or set to disappear.
The News International says, “The FBI didn't break Signal's encryption. It didn't need to,” and it explains that “a bug in Apple's iOS was quietly caching readable previews of Signal messages inside the phone's notification database.”

It further describes how the FBI forensic examiners “pulled the defendant's Signal messages directly from the iPhone's notification cache,” a storage layer that sits outside Signal’s encrypted environment.
TechCrunch likewise says the FBI could extract deleted or disappeared messages because “notifications that displayed the messages’ content were also cached on the device for up to a month.”
Cointelegraph adds that the court proceedings showed the FBI was able to “forensically extract a defendant's Signal messages from the iPhone's notification database,” which contained “cached, readable previews of incoming Signal messages even after disappearing messages were enabled and the app was deleted.”
Lifehacker describes the mechanics as iPhone notifications being stored in a database on the device, so even after Signal messages were deleted, “their notification data remained in this database, from where the FBI was able to obtain them.”
BleepingComputer states: “Messages were recovered from Sharp's phone through Apple's internal notification storage — Signal had been removed, but incoming notifications were preserved in internal memory.”
Apple’s fix and what it changed
Apple’s patch is described across the coverage as addressing the retention of notifications marked for deletion through improved data redaction and removal of cached copies.
Techzine Global says Apple released an out-of-band update intended to fix a vulnerability in Notification Services, and it reports that Apple describes the issue as “Notifications marked for deletion might have been unexpectedly retained on the device.”
It adds that Apple “has resolved the issue through improved data redaction, including the removal of existing cached copies,” while also noting that Apple “provides no further technical details on how long data could remain on a device or how it could be recovered.”
Help Net Security similarly says Apple addressed the problem with “improved data redaction” and that Apple “did not offer more details about the flaw; it just said that the issue was addressed with improved data redaction.”
BleepingComputer states Apple released out-of-band security updates and quotes the Apple security bulletin: “Notifications marked for deletion could be unexpectedly retained on the device,” while also saying Apple fixed the flaw “through improved data redaction but provided no additional information.”
Lifehacker reports that Apple’s release notes for 26.4.2 only offer that the update “provides bug fixes and security updates for your iPhone,” while the official security notes include the specific fix language about notifications being retained.
PCMag quotes Signal’s statement: “We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication.”
Signal, Meredith Whittaker, and Pavel Durov
After 404 Media’s April 9 report, Signal President Meredith Whittaker publicly pressed Apple to fix the issue, and multiple outlets quote her language about OS-level notification caches.
Cointelegraph says Whittaker called on Apple to quickly fix the issue, noting in an April 14 X post that “notifications for deleted messages shouldn't remain in any OS notification database.”

The News International similarly recounts that Whittaker had already called out Apple in an X post dated April 14, 2023, claiming that notifications for messages that have been deleted should never appear in any OS-level cache.
Telegram co-founder Pavel Durov is also quoted in the reporting, with Cointelegraph saying he argued in an April 14 Telegram post that the only way to truly stay safe was for the app to “force an absence of notification previews” on both ends of a conversation.
PCMag and Help Net Security both include Signal’s gratitude after Apple’s patch, with PCMag quoting the company: “We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication.”
Help Net Security adds that Signal pointed to the patch’s effect on preserved notifications, stating: “Once you install the patch, all inadvertently-preserved notifications will be deleted, and no forthcoming notifications will be preserved for deleted applications.”
The Hacker News also quotes Signal’s X post: “Note that no action is needed for this fix to protect Signal users on iOS,” and it repeats the same “Once you install the patch” language about deleting inadvertently preserved notifications.
What users can do next
Alongside the patch, outlets describe steps for users to reduce the risk of notification previews being stored in iOS notification content.
“Earlier this month, 404 Media broke a fascinating, complex, and concerning story: The FBI had successfully retrieved incoming Signal messages from a defendant's iPhone, despite the fact that those messages were set to self-destruct within the famously secure chat app”
Techzine Global advises users to install iOS 26.4.2 as soon as possible via Settings > General > Software Update, and it says those still running iOS 18 can update to iOS 18.7.8.

It also recommends adjusting Signal notification settings, directing users to Settings > Notifications > Notification Content and limiting display to “Name Only” or “No Name or Content.”
Help Net Security provides similar guidance, saying users can open their Signal app’s Settings, go to Notifications, and under the Notification content section choose the second (“Name Only”) or the third option (“No Name or Content”).
BleepingComputer likewise says it is possible to prevent Signal message content from being retained in iOS notification data storage by going to Signal Settings > Notifications > Notification content and setting Show to “Name Only” or “No Name or Content.”
The Hacker News adds that physical access to a device can facilitate extraction of sensitive data from notification metadata, and it quotes the Electronic Frontier Foundation: “For most app notifications, there's no simple way to easily figure out what metadata might be gleaned from a notification, or if the notification is unencrypted or not,” and “It's also good to reconsider whether any app should be sending you notifications to begin with.”
Techzine Global also notes Apple has not confirmed whether the vulnerability was actively exploited and does not explain why the update was released outside the usual release cycle.