Apple released security updates for iPhone and iPad this Tuesday. The packages fix a flaw in notification services that kept data marked for deletion.
The fix arrives in two main versions. Usuários with iOS 26 receives 26.4.2. Older Modelos get 18.7.8. Ambas addresses the same issue identified as CVE-2026-28950.
Falha involved unexpected retention of notifications
The problem allowed deleted notifications to remain stored on the device. Isso occurred even after the user marked the content for removal. A data recording issue caused the retention. Apple resolved with improved information redaction.
Recent Relatos reports have shown that authorities used forensic tools to access messages from Signal. The encrypted messaging app had content preserved in the push notification bank. Mesmo after deleting the application, copies were available. The case gained attention in federal investigations into Estados Unidos.
Especialistas highlight that physical access to the device facilitated extraction. Notificações often carry message snippets or metadata. Isso exposes users to risky situations.
Dispositivos affected and available versions
The iOS 26.4.2 and iPadOS 26.4.2 update applies from iPhone 11 onwards. Ela also covers recent iPads such as Pro from third generation onwards, Air from third generation, basic models from eighth generation onwards and mini from fifth generation.
- iPhone 11 and later
- iPad Pro 12.9 inches (3rd generation onwards)
- iPad Pro 11 inch (1st generation onwards)
- iPad Air (3rd generation onwards)
- iPad (8th generation onwards)
- iPad mini (5th generation onwards)
Para older devices, Apple released iOS 18.7.8 and iPadOS 18.7.8. The list includes iPhone XR up to iPhone 16e, as well as several iPads with A16, A17 Pro, M2 and M3 chips.
The company recommends immediate installation. Updates appear automatically for those who have updates turned on.
Como failure impacted messaging apps
Signal offers an option to hide content from notifications. Mesmo thus the iOS bug kept internal logs. Usuários could configure the app to only show name or nothing in notifications.
Após the patch, inadvertently preserved notifications are removed. Novas notifications from deleted apps will no longer be retained. Signal thanked Apple for quickly handling the case.
Electronic Frontier Foundation (EFF) reinforced the importance of reviewing notification permissions. Muitos apps send sensitive data without full encryption in push notifications.
What changes for regular users
The fix strengthens privacy in physical access scenarios. Ferramentas forensics used by investigators now finds less residual data.
- Instale update as soon as possible
- Verifique notification settings in sensitive apps
- Considere disable content notifications for private messages
- Mantenha the device always updated with the latest versions
The patch requires no additional action beyond installation. Apple removed old copies automatically.
Detalhes correction technicians
The vulnerability was classified as a logging issue. Apple has improved the way data is handled before storing. Não CVSS score is not disclosed, but the impact was privacy relevant.
Atualizações security features like this usually come without major visual changes. The focus is on stability and protection. Usuários notice little difference in everyday life after installing.
The release occurred on April 22, 2026. Ela demonstrates Apple’s rapid response to real-world usage reports of the flaw.
