Apple releases security fix to prevent retention of deleted notifications on iOS

Apple released this Tuesday, April 22, 2026, security updates for iPhone and iPad aimed at correcting a critical flaw in the notifications system. The issue allowed data marked for deletion to remain stored on devices even after the user deleted the content. The vulnerability, identified as CVE-2026-28950, affected the privacy of users in situations of physical access to the device, especially during forensic investigations.

Versões available and compatible devices

Apple made two update packages available depending on the device generation. Newer Modelos receive iOS 26.4.2 and iPadOS 26.4.2, while older devices receive iOS 18.7.8 and iPadOS 18.7.8. Ambas versions address the same notification retention issue.

The iOS 26.4.2 update is targeted at the following devices:

• iPhone 11 and later
• iPad Pro 12.9 inches (3rd generation onwards)
• iPad Pro 11 inch (1st generation onwards)
• iPad Air (3rd generation onwards)
• iPad (8th generation onwards)
• iPad mini (5th generation onwards)

Older Dispositivos, including iPhone XR through iPhone 16e, receive version 18.7.8. The company recommends immediate installation for all users, with updates appearing automatically for those who have the automatic update function activated.

Como flaw compromised privacy

The issue involved an error in the iOS logging system that caused unexpected notification retention. Mesmo After the user marked content for removal, copies remained stored internally on the device. Recent Relatos reports have shown that authorities used forensic tools to access Signal messages through these residual notifications. The encrypted messaging app had content preserved in the push notification database, exposing users to federal investigations into Estados Unidos.

Especialistas highlight that physical access to the device made extracting this data much easier. Notificações often carry snippets of messages or sensitive metadata without complete encryption, exposing users to risky situations. Signal offered an option to hide notification content, but the iOS bug kept internal records even with this setting active.

Leia Tambem

Park Mi-sun returns to TV after battle with breast cancer

Hiroshima Carp confirm Tokoda against Nippon Ham on the 3rd after game postponed by rain

Older, poorly maintained vehicles face problems when using E10 gasoline

Impacto for encrypted messaging applications

Signal publicly thanked Apple for quickly handling the case. Após the patch, inadvertently preserved notifications are automatically removed, and new notifications from deleted apps will no longer be retained. The fix strengthens privacy in physical access scenarios by making it more difficult for forensic tools to find residual data from private conversations.

Electronic Frontier Foundation (EFF) reinforced the importance of reviewing notification permissions on all applications. Muitos apps send sensitive data without complete encryption in push notifications, making it essential for users to disable content notifications for private messages and keep their devices always updated.

Recomendações for users

Apple has improved the way data is handled before storing it in the notification system. The vulnerability was classified as a logging problem, with no CVSS score disclosed, but with a relevant impact on privacy. Atualizações security features like this usually come without major visual changes, focusing on stability and protection rather than new features.

• Instale update as soon as possible through the device settings
• Verifique notification settings in sensitive apps like messengers
• Considere disable content notifications for private messages and encrypted conversations
• Mantenha the device always updated with the latest security versions

The patch requires no additional action beyond installation, as Apple automatically removes old copies of notifications after the update. Usuários will notice little difference in day-to-day life after installing the fix, but will gain significant protection against unauthorized access to sensitive data in cases of device theft or seizure.