iOS 26.4.2 Patches Flaw That Let FBI Extract Deleted Signal Messages

Source: MacRumors

Overview

Apple released updates for iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 that address a security vulnerability used by the FBI to extract Signal message previews from an iPhone even after the app had been deleted.

Vulnerability Details

• A flaw in the notification services allowed notifications that were supposed to be deleted to remain on an iPhone or iPad.
• Apple fixed the issue by improving data redaction in the logging system.
• The vulnerability was discovered after court testimony revealed that the FBI accessed the internal notification database on a device involved in a case, giving law‑enforcement access to message previews.

How the Exploit Worked

• The iPhone was configured to display Signal message content on the Lock Screen, causing the system to store the message content.
• Although the defendant had deleted the Signal app and set messages to disappear, the iPhone retained the messages in its database long enough for the FBI to retrieve them.

Recommendation

Devices running iOS 26, iPadOS 26, iOS 18, or iPadOS 18 should be updated to the latest versions (iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, iPadOS 18.7.8) to mitigate this security flaw.

---

This article first appeared on MacRumors.com.