CT
CyberTimes
HomeThreat WatchCVE-2026-28950
Vulnerability Advisory

CVE-2026-28950

Apple has patched CVE-2026-28950 in iOS 26.4.2 and iOS 18.7.8 — a logging bug that retained deleted Signal notifications in the device's push notification database, allowing forensic extraction by the FBI even after the app was deleted. Update your iPhone and iPad immediately.

Severity
high
CVSS Score
0 / 10
Fix Status
Patch available
Exploitation
Actively exploited
Published
Apr 23, 2026

Affected Products

  • iOS and iPadOS — all versions prior to iOS 26.4.2 (for iPhone 11 and later, iPad Pro 3rd gen and later, iPad Air 3rd gen and later, iPad 8th gen and later, iPad mini 5th gen and later) iOS and iPadOS — all versions prior to iOS 18.7.8 (for iPhone XR, XS, XS Max, iPhone 11 through 16e, iPad 7th gen through current, iPad Air 3rd through M3, iPad Pro 11-inch 1st gen through M4, iPad Pro 12.9-inch 3rd through 6th gen, iPad Pro 13-inch M4)

Key Facts

  • Apple has patched CVE-2026-28950, a logging flaw in iOS Notification Services that caused notifications marked for deletion — including Signal messages — to be unexpectedly retained in the device's push notification database rather than being permanently erased.
  • The FBI exploited this flaw forensically in a live court case, extracting copies of incoming Signal messages from a defendant's iPhone even after the Signal app had been completely deleted from the device — proving that "deleted" messages were never truly gone from the operating system level.
  • The patch is available in iOS 26.4.2 and iOS 18.7.8 — once installed, Apple confirms that all inadvertently preserved notifications will be automatically deleted and no future notifications will be retained after deletion.
  • Signal itself is not at fault — the flaw exists entirely within Apple's iOS notification infrastructure. However, Signal users can additionally reduce their exposure by disabling message content in notifications, limiting what the OS ever stores in the first place.

Full Analysis

CVE-2026-28950: Apple Patches iOS Flaw That Let FBI Extract Deleted Signal Messages From Push Notification Database

Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.

Read the full report →
← All threat reportsAll articles