Full Report
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction. "Notifications marked for deletion could be unexpectedly retained on the device,"
Analysis Summary
# Vulnerability: Improper Retention of Deleted App Notifications in iOS/iPadOS
## CVE Details
- **CVE ID:** CVE-2026-28950
- **CVSS Score:** N/A (Not assigned by vendor at time of report)
- **CWE:** Logging issue / Inadequate Data Redaction
## Affected Systems
- **Products:** Apple iPhone and iPad
- **Versions:**
  - iOS and iPadOS versions prior to 26.4.2
  - iOS and iPadOS versions prior to 18.7.8
- **Configurations:** Devices utilizing Apple’s Push Notification Services for third-party messaging applications (notably Signal).
## Vulnerability Description
This vulnerability is characterized as a logging and data redaction defect within iOS Notification Services. Under normal operations, notifications for deleted apps or messages marked for deletion should be purged from the device. However, this flaw caused notification content to be unexpectedly retained within a local push notification database. This allows notification metadata and message snippets to persist on the physical storage of the device even after the associated application has been uninstalled or the messages deleted by the user.
## Exploitation
- **Status:** **Exploited in the wild** (Utilized by law enforcement in forensic investigations to extract Signal messages).
- **Complexity:** High (Requires sophisticated forensic tools).
- **Attack Vector:** **Physical** (Requires direct physical access to the device and bypass of device encryption/locking mechanisms to access the database).
## Impact
- **Confidentiality:** High (Sensitive message contents and communication metadata can be recovered).
- **Integrity:** None.
- **Availability:** None.
## Remediation
### Patches
Apple has released the following updates to address the flaw through improved data redaction:
- **iOS 26.4.2 / iPadOS 26.4.2:** For iPhone 11 and later, and recent iPad models.
- **iOS 18.7.8 / iPadOS 18.7.8:** For older supported hardware including iPhone XR, XS, and various iPad generations.
### Workarounds
- **Notification Settings:** Users can limit data exposure by navigating to Signal Settings > Notifications > Show, and selecting "Name only" or "No name or message." This prevents the message content from being sent to the notification database in the first place.
- **Notification Disabling:** The EFF suggests disabling notifications entirely for high-risk applications to prevent any potential metadata logging.
## Detection
- **Indicators of Compromise:** Not observable through the standard user interface; detection requires advanced forensic analysis of the device's internal databases.
- **Detection Methods:** Forensic extraction of the `Push Notification History` database (typically performed by law enforcement or specialized security researchers).
## References
- **Vendor Advisories:**
  - hxxps://support.apple.com/en-us/127002
  - hxxps://support.apple.com/en-us/127003
- **Related News:**
  - hxxps://thehackernews.com/2026/04/apple-patches-ios-flaw-that-stored.html
  - hxxps://signal.org/hc/en-us/articles/360043273491-In-App-Notification-Options