### Notification Logging Bug Fixed **Apple** has addressed a privacy concern in its latest iOS and iPadOS updates, resolving an issue where notifications marked for deletion were unexpectedly stored on the device. The vulnerability, identified as **CVE-2026-28950** (CVSS score: N/A), stemmed from a logging issue. The fix involves improved data redaction to ensure that deleted notifications are properly removed. "Notifications marked for deletion could be unexpectedly retained on the device," **Apple** stated in its security advisory. ### Affected Devices and Updates The vulnerability impacted a range of devices, including: * iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later - Fixed in [iOS 26.4.2 and iPadOS 26.4.2](https://support.apple.com/en-us/127002) * iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), iPhone 16e, iPad mini (5th generation - A17 Pro), iPad (7th generation - A16), iPad Air (3rd - 5th generation), iPad Air 11-inch (M2 - M3), iPad Air 13-inch (M2 - M3), iPad Pro 11-inch (1st generation - M4), iPad Pro 12.9-inch (3rd - 6th generation), and iPad Pro 13-inch (M4) - Fixed in [iOS 18.7.8 and iPadOS 18.7.8](https://support.apple.com/en-us/127003) ### FBI's Signal Message Extraction This update arrives shortly after a report by 404 Media detailed how the **U.S. Federal Bureau of Investigation (FBI)** managed to extract **Signal** messages from an iPhone during a forensic investigation. This was possible even after the **Signal** app was deleted, due to copies of the messages being stored in the device's push notification database. The case was related to an attack on the Prairieland ICE detention center facility. While the exact reason for logging notification content remains unclear, **Apple**'s update suggests it was a bug. The timeline of when this issue first appeared is also unknown, raising concerns about potential past data capture by authorities. ### Mitigating Risks **Signal** provides a built-in option to prevent message content from appearing in notifications. However, the incident underscores the risk of physical device access, which can expose sensitive data. The **Electronic Frontier Foundation (EFF)** has emphasized the need for users to be aware of the metadata potentially exposed through notifications, and whether they are encrypted. They also recommend reconsidering whether an app should send notifications at all. To enhance privacy, **Signal** users can navigate to their profile > Notifications > Show, and select "Name only" or "No name or message" to prevent message content from displaying in notifications. **Signal** has confirmed that no user action is required for this fix to take effect on iOS. Once the patch is installed, all inadvertently preserved notifications will be deleted, and no future notifications will be stored for deleted applications. "We're grateful to **Apple** for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication," **Signal** stated on X.