Apple releases iOS 26.4.2 to protect notification cached message data

By Beatriz • April 23, 2026 • 4 min de leitura

WhatsApp Twitter Facebook Follow on Google E-mail

Photo: Apple logo - Michael Derrer Fuchs / Shutterstock.com

Apple released the iOS 26.4.2 update for iPhones and iPadOS 26.4.2 for iPads this Wednesday. The measure corrects a security flaw in the notification system. The issue allowed data from notifications marked for deletion to remain stored on the device.

The company also released iOS 18.7.8 and iPadOS 18.7.8 for older models. Usuários can install the fix from the software updates section in the device’s settings. Apple described the change as improving data redaction in a registry issue.

Falha allowed retention of deleted notifications

The error affected the internal push notification database. Notificações that should be removed remained accessible in the device’s local memory. Isso occurred even when the user manually deleted messages or uninstalled applications.

Ferramentas forensics could recover snippets of text from previews. The case gained attention following a report on the FBI’s investigation into Texas in July 2025. Agentes accessed messages from an encrypted communications app through the system cache, and not through the app itself.

The app’s end-to-end encryption remained intact. Access was limited to fragments stored outside the app due to the generation of previews on the lock screen. Mensagens sent did not trigger the same mechanism.

Notificações of received messages generated stored previews
Automatic Exclusão in the app did not completely clear the system cache
Ferramentas as Cellebrite and GrayKey extracted the retained data
The problem only affected push notification content
Previous Atualização required manual disabling of previews

iOS 26 – jackpress/shutterstock.com

Correção involves enhanced data cleaning

Apple resolved poor logging with more robust data sanitization. The system now reliably removes information from notifications as soon as they are marked for deletion. The change occurs at the operating system level.

The update does not require changes to user habits. Quem kept previews enabled gains automatic protection. Antes, the only effective way to avoid retention was to manually disable the feature in settings.

CVE-2026-28950 identifies the vulnerability. The official Apple documentation only mentions the technical fix without additional details about previous exploitation. The company tends to avoid commenting on ongoing investigations.

Dispositivos compatible with new versions

Modelos from iPhone 11 onwards receive iOS 26.4.2 and iPadOS 26.4.2. The list includes third-generation iPad Pro, third-generation iPad Air, eighth-generation iPad, and fifth-generation iPad mini. Older Versões get iOS 18.7.8 and iPadOS 18.7.8.

The iOS 26.4.2 build is 23E261. The one for iOS 18.7.8 is 22H352. Ambas updates are available via over-the-air download. The process takes a few minutes and requires a stable internet connection.

Como install the security update

Abra the Ajustes app on iPhone or iPad. Vá to Geral and then Atualização to Software. The system checks availability and starts the download if the latest version appears. The device may restart during installation.

Especialistas recommend updating as soon as possible. The fix closes a loophole that exposed sensitive data in notifications. Quem uses apps with temporary or encrypted messages and gains an extra layer of protection on the device.

Apple maintains a policy of not discussing vulnerabilities until patches are released. Official support only lists the technical description of the resolved issue. Usuários in previous versions should check the availability of the corresponding fix.

The launch comes as the company prepares the next major version of the system. Testes beta of iOS 26.5 is still underway and WWDC 2026 is approaching. The security patch arrives independently to urgently protect current devices.

Impacto for messaging app users

The adjustment mainly benefits those who receive notifications with text content. Apps and Signal, which offer automatic deletion, now have more effective cleaning on iOS. Fragmentos that were previously held in the cache should no longer persist.

The change reinforces local privacy without interfering with end-to-end encryption. Usuários does not need to disable previews to maintain security. The operating system takes care of removal automatically after the update.

Previous Relatos indicated that the problem was restricted to incoming messages. Mensagens sent did not generate notifications in the same format on the sender’s device. The limitation reduced the scope of data accessible by external tools.

Apple recommends that all eligible users install the update. The process is simple and does not erase personal data. Dispositivos with automatic updates enabled should receive the package soon.

Ficha technical updates

Versão: iOS 26.4.2 (build 23E261)
Versão: iPadOS 26.4.2 (build 23E261)
Versão for older models: iOS 18.7.8 (build 22H352)
Versão for older models: iPadOS 18.7.8 (build 22H352)
Major Correção: Registration issue with notification services
Dispositivos supported: iPhone 11 and above, iPads listed
Installation Método: Ajustes > Geral > Atualização from Software

The update strengthens data protection in the Apple ecosystem. Ela demonstrates attention to information retention issues even in scenarios of intentional user deletion.