**Apple** has released emergency security updates for iPhone and iPad devices to patch a Notification Services flaw that could allow notifications slated for deletion to remain stored on the device. ### Vulnerability Details The bug, tracked as **CVE-2026-28950**, was addressed on April 22, 2026, in iOS 26.4.2 and iPadOS 26.4.2, as well as in iOS 18.7.8 and iPadOS 18.7.8. "Notifications marked for deletion could be unexpectedly retained on the device," states the **Apple** security bulletin. **Apple** indicated that the flaw was resolved through improved data redaction but did not provide further specifics. The company has not disclosed whether the vulnerability was actively exploited or the reason for the out-of-band release. Technical details regarding the duration of notification data retention and potential recovery methods remain undisclosed. ### Speculation and the FBI While **Apple** hasn't explicitly stated the reason for this emergency update, recent reporting by **404 Media** detailed how the **FBI** recovered copies of **Signal** messages from a suspect's iPhone, even after they were deleted within the app. According to trial notes published by supporters of the defendants, the recovered data originated not from **Signal**'s encrypted message store, but from the iPhone's notification storage. "Messages were recovered from Sharp's phone through **Apple**'s internal notification storage — **Signal** had been removed, but incoming notifications were preserved in internal memory," the notes state. ### Signal's Response **Signal** has publicly thanked **Apple** for promptly addressing a vulnerability that threatened the privacy of conversations. "We’re grateful to **Apple** for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication," **Signal** said in a statement. **404 Media** also reported that notification data persisted even after **Signal** was removed from the device. **Apple**'s advisory does not directly reference the case, but its description of notifications being retained aligns closely with the data persistence described in the report. ### Mitigation Users are strongly advised to install the latest updates immediately to prevent the unintended retention of deleted notification data. Furthermore, users can prevent **Signal** message content from being retained in iOS notification data storage by navigating to **Signal Settings** > **Notifications** > **Notification content** and setting **Show** to "Name Only" or "No Name or Content". **BleepingComputer** has contacted **Apple** for further clarification on these updates but has yet to receive a response.  ## [99% of What Mythos Found Is Still Unpatched.](https://hubs.li/Q04crVgD0) AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what's exploitable, proves controls hold, and closes the remediation loop. [Claim Your Spot](https://hubs.li/Q04crVgD0)