![\"Apple](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2026\/04\/1776959831_254_0x0.png\")
<\/p>\n<\/p>\n
Apple’s iOS 26.4 and iOS 18.7.8 fix the same flaw, in Notification Services, where notifications marked for deletion could be unexpectedly retained on the device.<\/p>\n
Apple iPhone<\/p>\n
Update Apr. 24, 2026: This article, originally published on Apr. 23, 2026, has been updated to include confirmation from Signal and expert commentary about the issue fixed in iOS 26.4.2 and iOS 18.7.8, as well as bug fixes and privacy advice.<\/p>\n
Apple has released iOS 26.4.2 and iOS 18.7.8, along with a warning to update your iPhone now. That\u2019s because iOS 26.4 and iOS 18.7.8 fix a single security vulnerability in the iPhone software, which could be pretty serious. <\/p>\n
Apple doesn\u2019t provide much detail about what\u2019s fixed in iOS 26.4.2 and iOS 18.7.8, to allow as many users to upgrade before attackers can get hold of the details. But it does reveal that iOS 26.4 and iOS 18.7.8 fix the same flaw, in Notification Services, where notifications marked for deletion could be unexpectedly retained on the device, according to Apple\u2019s support page<\/a>.<\/p>\n Tracked as CVE-2026-28950, it seems the issue was released as an emergency update for a reason. It appears to be the same vulnerability used by the FBI to extract copies of incoming Signal messages<\/a> from a defendant\u2019s iPhone due to copies of the content being saved in the push notification database, first reported by 404 Media<\/a>.<\/p>\n While Apple doesn\u2019t comment on the details of the fixes in iOS 18.7.8 and iOS 26.4.2, Bleeping Computer<\/a> points out that \u201cits description of notifications being retained on the device closely aligns with the type of data persistence described in that report.\u201d<\/p>\n I have asked Apple to comment and will update this article if the iPhone maker responds.<\/p>\n Signal Confirms iOS 26.4.2 and iOS 18.7.8 Fix Known Issue<\/p>\n Signal has confirmed iOS 26.4.2 and iOS 18.7.8 fix the issue in question. \u201cWe are very happy that today Apple issued a patch and a security advisory,\u201d Signal wrote on X, formerly Twitter, adding that the move comes following 404 Media\u2019s reporting “that the FBI accessed Signal message notification content via iOS despite the app being deleted.\u201d<\/p>\n Apple\u2019s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release, Signal. added<\/p>\n Signal also pointed out the no action is needed for this fix to protect Signal users on iOS. \u201cOnce you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications.\u201d<\/p>\n \u201cWe\u2019re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication,\u201d Signal added.<\/p>\n iOS 18.7.8 Is Also Available For Newer iPhones<\/p>\n Another security implication of this latest update is the fact that iOS 18.7.8 is also available for later generations of the iPhone, signalling that Apple is now offering iOS 18 to those who want to stay on the older operating system. <\/p>\n It comes after the iPhone maker released iOS 26.4<\/a> last month, including the ability to update to iOS 18.7.7<\/a> even if you own a newer device. The reason for this was DarkSword, a dangerous spyware that was using iPhone vulnerabilities to attack Apple users. Perhaps Apple is changing its tactics to ensure all users are secured in the face of major risks \u2014 certainly when it issues emergency updates to the iPhone software such as iOS 26.4.2 and iOS 18.7.8.<\/p>\n \u201cApple shipping a dedicated patch for a single issue and backporting it to iOS 18 in the same release, tells you exactly how seriously they take the integrity of their platform,\u201d says Adam Boynton, senior enterprise strategy manager at Jamf.<\/p>\n He describes how a forensic examiner reconstructing notifications a user believed were deleted is like \u201creading a compressed timeline of someone’s working life.\u201d<\/p>\n \u201cThey include the likes of two-factor codes, previews from work chat platforms, calendar invites, customer alerts and even internal security pings,\u201d Boynton warns.<\/p>\n The FBI and Signal case is \u201ceye-catching,\u201d but the underlying exposure applies to any app that surfaces content in push notifications, which is most enterprise collaboration tools in daily use, he says.<\/p>\n Notifications Issue Fixed In iOS 26.4.2 And iOS 18.7.8<\/p>\n The issue patched iOS 26.4.2 and iOS 18.7.8 is caused by the device retaining notifications. In the case of encrypted apps such as Signal, it would mean anyone could read messages that arrived in notification form \u2014 even after the app itself is deleted.<\/p>\n Even when an app is deleted, some operating systems will retain information in places you might forget about. It\u2019s therefore important to be privacy focused from the outset with all apps, says Jake Moore, global cybersecurity advisor at ESET. \u201cUpdating will have removed this glitch enabling the storing of sensitive information but it\u2019s important to remember that notifications aren\u2019t directly organised by their native apps,\u201d Moore warns.<\/p>\n Moore says notification information is \u201cbest kept to a minimum\u201d on your iPhone, adding that this can be set to a limited amount such as who it\u2019s from \u2014 \u201cor even just a note to say there is a message.\u201d<\/p>\n For Android users, there is another issue to note. Some Android phones will even keep messages in their separate notifications folder after they have been deleted or set to disappear, so it\u2019s best to keep sensitive information down to a minimum where possible, Moore says.<\/p>\n Updating to the new iOS \u2014 either iOS 26.4.2 or iOS 18.7.8 \u2014 will help with these latest findings, says Moore. However, he advises keeping privacy in mind where possible. \u201cThis helps keep data leakage to a minimum as deleted doesn\u2019t always mean deleted.\u201d<\/p>\n Bug Fixes In iOS 26.4.2<\/p>\n Apple\u2019s iOS 26.4.2 also fixes bugs in the iOS operating system, including improved keyboard accuracy when typing quickly. It was an annoying issue, so after updating to iOS 26.4.2, I\u2019m hoping I can type messages without numerous errors once again.<\/p>\n