Apple patches iOS flaw that could retain deleted alerts and expose Signal messages
Apple issued out-of-band updates for iPhone/iPad (iOS 26.4.2 / iPadOS 26.4.2 and iOS 18.7.8 / iPadOS 18.7.8) to fix CVE-2026-28950 in Notification Services that could cause notifications marked for deletion to linger on-device, potentially enabling recovery of Signal messages from notification data; Signal praised the patch, Apple gave limited technical details, and users are advised to update, with a workaround in Signal settings to show only names or no content for notifications.