Apple out-of-band iOS/iPadOS security updates (CVE-2026-28950)
Security Patch Release
Summary
Hide ▲
Show ▼
Apple released out-of-band security updates for iPhone and iPad on April 22, 2026 to fix CVE-2026-28950. The patch addresses a Notification Services flaw that could leave deleted notifications stored on the device, creating a privacy risk. Apple said the issue was fixed through improved data redaction. The company did not say whether the flaw was exploited in attacks.
Related Happenings
Microsoft security patch release for CVE-2026-41089
Security Patch Release
First: 13.05.2026 00:46
Last: 13.05.2026 00:46
Sources 1
About this happening:
**Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
Microsoft security patch release for CVE-2026-41089
Security Patch ReleaseAbout this happening: **Microsoft** and other major software vendors shipped a heavy **May 2026** patch cycle, with fixes spanning **Windows**, **iOS**, **Firefox**, **Oracle** products, and **Chrome**...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/Service
First: 12.05.2026 08:18
Last: 12.05.2026 08:18
Sources 1
About this happening:
Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
IOS 26.5 beta rolls out default end-to-end encrypted RCS messaging on iPhone and Android
Security Tool/ServiceAbout this happening: Apple's **iOS 26.5** beta adds **default end-to-end encrypted RCS** messaging for **iPhone** and **Android** users, strengthening privacy in cross-platform chats. The rollout cove...
Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch Release
First: 07.05.2026 18:20
Last: 07.05.2026 18:20
Sources 1
About this happening:
Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...
Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch ReleaseAbout this happening: Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...
Latest development: 07.05.2026 20:55
Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.
Apple iOS 18.7.7 security update expansion for DarkSword
Security Patch Release
First: 02.04.2026 00:50
Last: 02.04.2026 00:50
Sources 1
About this happening:
Apple expanded **iOS 18.7.7** availability to more older **iPhones and iPads** on **April 1, 2026**, letting devices that stay on **iOS 18** receive protections against the **acti...
Apple iOS 18.7.7 security update expansion for DarkSword
Security Patch ReleaseAbout this happening: Apple expanded **iOS 18.7.7** availability to more older **iPhones and iPads** on **April 1, 2026**, letting devices that stay on **iOS 18** receive protections against the **acti...
Operation Triangulation updated iPhone espionage campaign
Campaign
First: 26.03.2026 15:10
Last: 26.03.2026 15:10
Sources 1
About this happening:
The **Operation Triangulation** espionage lineage has resurfaced through **Coruna**, extending **zero-click iPhone** targeting to newer **A17** and **M3** devices and **iOS 17.2**...
Operation Triangulation updated iPhone espionage campaign
CampaignAbout this happening: The **Operation Triangulation** espionage lineage has resurfaced through **Coruna**, extending **zero-click iPhone** targeting to newer **A17** and **M3** devices and **iOS 17.2**...
Timeline
-
23.04.2026 11:50 1 articles · 1mo ago
Apple security patch release for CVE-2026-28950
Initial DisclosureApple issued **iOS 26.4.2**, **iPadOS 26.4.2**, **iOS 18.7.8**, and **iPadOS 18.7.8** on **2026-04-23** to close **CVE-2026-28950**, which could preserve deleted-message notifications on affected devices.
Show sources
- Apple Patches iOS Flaw Allowing Recovery of Deleted Chats — www.securityweek.com — 23.04.2026 11:50
-
22.04.2026 23:58 2 articles · 1mo ago
Apple releases CVE-2026-28950 iPhone and iPad fixes
Mitigation Patch UpdateApple released out-of-band security updates for iPhone and iPad on April 22, 2026 to fix CVE-2026-28950 in Notification Services, where notifications marked for deletion could remain stored on the device; Apple said the flaw was fixed through improved data redaction and did not say whether it was exploited in attacks. Additional reporting described Signal messages recovered from a suspect's iPhone through Apple's internal notification storage, where incoming notifications were preserved after Signal was removed.
Show sources
- Apple fixes iOS bug that retained deleted notification data — www.bleepingcomputer.com — 22.04.2026 23:58
- Apple Fixes iOS Notification Bug Exposing Deleted Messages — www.infosecurity-magazine.com — 23.04.2026 16:00