Full Report
Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on the device. [...]
Analysis Summary
# Vulnerability: Apple Notification Services Data Retention Flaw
## CVE Details
- **CVE ID:** CVE-2026-28950
- **CVSS Score:** N/A (Not provided in source; however, implications suggest a moderate impact on data privacy)
- **CWE:** CWE-459: Incomplete Cleanup
## Affected Systems
- **Products:** iPhone and iPad devices
- **Versions:**
- iOS versions prior to 26.4.2 and 18.7.8
- iPadOS versions prior to 26.4.2 and 18.7.8
- **Configurations:** Devices receiving notifications from messaging apps (e.g., Signal) even if messages are deleted within the app or the app itself is uninstalled.
## Vulnerability Description
A flaw exists in Apple's Notification Services where data marked for deletion is unexpectedly retained within the internal notification database. While the primary application (such as an encrypted messenger) may delete its internal message store, the iOS system-level notification history fails to perform proper data redaction or cleanup. This allows sensitive message content to persist in the device's internal memory/storage.
## Exploitation
- **Status:** Not publicly confirmed as exploited in the wild by threat actors, but documented as used by law enforcement (FBI) for forensic data recovery.
- **Complexity:** High (Requires physical access or specialized forensic extraction tools).
- **Attack Vector:** Physical / Local.
## Impact
- **Confidentiality:** High (Sensitive information, including content from encrypted messaging apps, can be recovered).
- **Integrate:** None.
- **Availability:** None.
## Remediation
### Patches
Apple has released out-of-band updates to address this issue through improved data redaction:
- **iOS 26.4.2** and **iPadOS 26.4.2**
- **iOS 18.7.8** and **iPadOS 18.7.8**
### Workarounds
Users who cannot immediately update can mitigate the risk of message content exposure by:
- Navigating to **Signal Settings** > **Notifications** > **Notification Content**.
- Setting the **Show** option to **"Name Only"** or **"No Name or Content"**. This prevents the sensitive text from being passed to the iOS notification database.
## Detection
- **Indicators of Compromise:** This is a data persistence flaw rather than an active exploit; therefore, typical IOCs do not apply.
- **Detection Methods:** Digital forensic analysis of the internal iOS notification database (typically requires advanced forensic software used by investigators).
## References
- Apple Security Bulletin: [https[:]//support.apple.com/en-us/127002]
- 404 Media Report: [https[:]//www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/]
- BleepingComputer Article: [https[:]//www.bleepingcomputer.com/news/security/apple-fixes-ios-bug-that-retained-deleted-notification-data/]