Apple has released a critical security update for iPhones and iPads after fixing a vulnerability that reportedly enabled law enforcement tools to recover deleted chat messages, including disappearing conversations from privacy-focused apps.
The flaw was traced to how iOS handled notification data at the system level. Security researchers found that message previews displayed in push notifications were being temporarily stored on devices, even after users had deleted the original chats from apps such as Signal.
This meant that forensic software used by investigative agencies could potentially retrieve cached notification fragments, allowing partially reconstructed conversations that users assumed were permanently erased.
The vulnerability, identified as CVE-2026-28950, has now been patched in Apple’s latest software release—iOS 26.4.2 and iPadOS 26.4.2—as well as updates for older supported devices. Apple says the fix improves how notification data is processed and ensures deleted content is fully removed from local storage.
The issue came into wider public attention following a report indicating that U.S. federal investigators had successfully accessed deleted Signal messages from a suspect’s iPhone by extracting residual notification data rather than breaking into the app itself.
The development raised fresh concerns among privacy advocates, particularly Signal, which reiterated that disappearing messages should not be recoverable through system-level loopholes. The platform and digital rights groups later welcomed Apple’s swift response to close the gap.
Apple has advised users to update their devices immediately, stressing that the patch strengthens privacy protections and reduces the risk of unauthorized access to sensitive data.
While Apple has not confirmed how widely the flaw may have been exploited, cybersecurity analysts say the fix eliminates a significant weakness in mobile data handling that could have been leveraged in forensic investigations.
