Apple Notification Services notification retention flaw (CVE-2026-28950)
Vulnerability
Summary
Hide ▲
Show ▼
Apple released out-of-band updates for iPhone and iPad to fix CVE-2026-28950, a Notification Services flaw that could let deleted notifications remain stored on the device. The bug mattered because retained notification data could expose content users expected to be erased. Apple said the issue was fixed with improved data redaction and shipped patches on April 22, 2026, including iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8. Apple did not say whether the flaw was exploited in attacks or explain how long the retained data could persist.
Related Happenings
Apple and Google Messages beta rollout of cross-platform E2EE RCS
Security Tool/Service
First: 12.05.2026 16:00
Last: 12.05.2026 16:00
Sources 1
About this happening:
Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...
Apple and Google Messages beta rollout of cross-platform E2EE RCS
Security Tool/ServiceAbout this happening: Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/Service
First: 12.05.2026 08:18
Last: 12.05.2026 08:18
Sources 1
About this happening:
Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/ServiceAbout this happening: Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
Apple iOS outdated-device exploit-kit mitigation advisory
Advisory/Mitigation
First: 20.03.2026 07:16
Last: 20.03.2026 07:16
Sources 1
About this happening:
**Apple** is sending **Lock Screen notifications** to **outdated iPhones and iPads** after detecting **active web-based attacks**, urging users to install updates. The latest noti...
Apple iOS outdated-device exploit-kit mitigation advisory
Advisory/MitigationAbout this happening: **Apple** is sending **Lock Screen notifications** to **outdated iPhones and iPads** after detecting **active web-based attacks**, urging users to install updates. The latest noti...
Apple iOS and iPadOS 26.4 Beta adds RCS end-to-end encryption and new device protections
Security Tool/Service
First: 17.02.2026 08:44
Last: 17.02.2026 08:44
Sources 1
About this happening:
Apple’s **iOS and iPadOS 26.4 Beta** now tests **end-to-end encryption (E2EE)** for **RCS messages**, strengthening message confidentiality for Apple users. The same beta also exp...
Apple iOS and iPadOS 26.4 Beta adds RCS end-to-end encryption and new device protections
Security Tool/ServiceAbout this happening: Apple’s **iOS and iPadOS 26.4 Beta** now tests **end-to-end encryption (E2EE)** for **RCS messages**, strengthening message confidentiality for Apple users. The same beta also exp...
Microsoft Outlook for iOS crash or freeze on iPad after coding error
Service Disruption
First: 23.01.2026 15:34
Last: 23.01.2026 15:34
Sources 1
About this happening:
A **coding error** is causing **Microsoft Outlook for iOS** to **crash or freeze on iPad devices**, disrupting access for users of **version 5.2602.0** and forcing a temporary wor...
Microsoft Outlook for iOS crash or freeze on iPad after coding error
Service DisruptionAbout this happening: A **coding error** is causing **Microsoft Outlook for iOS** to **crash or freeze on iPad devices**, disrupting access for users of **version 5.2602.0** and forcing a temporary wor...
Timeline
-
23.04.2026 11:50 1 articles · 1mo ago
Apple releases iOS and iPadOS fixes for CVE-2026-28950
Mitigation Patch UpdateApple released iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8 to address CVE-2026-28950, a logging flaw that could retain notifications marked for deletion on the device. The update improves data redaction so inadvertently preserved notifications are removed, and reporting also links the flaw to recovered Signal chats in the Prairieland case involving law enforcement and the FBI.
Show sources
- Apple Patches iOS Flaw Allowing Recovery of Deleted Chats — www.securityweek.com — 23.04.2026 11:50
-
22.04.2026 23:58 2 articles · 1mo ago
Apple patches CVE-2026-28950 in Notification Services
Mitigation Patch UpdateApple released out-of-band updates for iPhone and iPad on April 22, 2026 to fix CVE-2026-28950 in Notification Services, where notifications marked for deletion could remain stored on the device; the patch used improved data redaction and covered iOS 26.4.2, iPadOS 26.4.2, iOS 18.7.8, and iPadOS 18.7.8.
Show sources
- Apple fixes iOS bug that retained deleted notification data — www.bleepingcomputer.com — 22.04.2026 23:58
- Apple Fixes iOS Notification Bug Exposing Deleted Messages — www.infosecurity-magazine.com — 23.04.2026 16:00
-
22.04.2026 23:58 1 articles · 1mo ago
Notification storage preserved deleted Signal messages
Technical Analysis UpdateAdditional reporting described the FBI recovering copies of Signal messages from a suspect's iPhone after they were deleted in the app, with trial notes saying Apple's internal notification storage preserved incoming notifications even after Signal was removed.
Show sources
- Apple fixes iOS bug that retained deleted notification data — www.bleepingcomputer.com — 22.04.2026 23:58