CVE-2026-28950

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.8 iOS versions prior to 26.4.2 iPadOS versions prior to 18.7.8 iPadOS versions prior to 26.4.2

Description A logging issue in the Notification Services system component allowed notifications marked for deletion to be unexpectedly retained on the device. This flaw occurred because iOS cached incoming notification content, including message previews, in the push notification database when previews were enabled. This data could persist for up to a month even after the messages were deleted or the associated application was removed, effectively bypassing end-to-end encryption protections. This issue was reportedly exploited by the FBI in the Prairieland case to recover deleted Signal communications from a suspect's device using forensic extraction tools.

Recommendations Update iOS to version 18.7.8. Update iOS to version 26.4.2. Update iPadOS to version 18.7.8. Update iPadOS to version 26.4.2.