Apple deployed unscheduled patches, specifically iOS 26.4.2 and iOS 18.7.8, for both iPhone and iPad devices. These updates address a security flaw identified as CVE-2026-28950 within the notification service, where previously deleted notifications were unexpectedly persisting in the device’s memory. These releases occurred on April 22nd, outside the regular update schedule, shortly following reports that the FBI successfully extracted correspondence from the Signal messenger application from an iPhone belonging to a suspect, utilizing precisely this Apple notification storage mechanism.
This vulnerability was present in the notification services across both iOS and iPadOS. The company resolved the issue by implementing a revised data concealment process, but they refrained from divulging specific technical details regarding the duration for which the notification data remained accessible, or the precise method by which it could have been retrieved. The emergency issuance followed reports that the FBI managed to recover inbound messages from the Signal application residing on the smartphone of suspect Lynette Sharp, even though the application itself had been uninstalled from the device.
According to proceedings records made public by those supporting the accused, the recovered correspondence did not originate from Signal’s encrypted repository but rather from the iPhone’s notification system. Public records state, “Messages were recovered from Sharp’s phone via Apple’s internal notification storage—Signal had been deleted, yet incoming notifications remained in the internal memory.”
Apple has offered no official comment linking the update to this specific case, nor have they confirmed whether this vulnerability was exploited in actual attacks or clarified the departure from their standard release cadence. While the company’s release bulletin makes no direct reference to the Sharp case, the described flaw precisely matches the details reported by the defense team.
About the Author
