Apple Patches iOS Flaw Allowing Recovery of Deleted Chats

Apple’s latest iOS and iPadOS updates close a subtle yet powerful logging vulnerability, CVE‑2026‑28950, that stored deleted push‑notification content in the system cache. By retaining previews of messages, the flaw let forensic tools reconstruct conversations that users believed were erased, including two‑factor codes and confidential work alerts. The issue spanned a wide device range—from iPhone XR to the newest iPhone 16e—making the patch essential for millions of active devices.

The vulnerability gained notoriety when the FBI reportedly leveraged it to retrieve Signal messages from a suspect in the Prairieland case, despite the app’s disappearing‑message feature and its removal from the phone. This incident underscores a broader privacy risk: any app that surfaces content via notifications can unintentionally expose sensitive data if the OS fails to purge it. Enterprises relying on collaboration tools, calendar alerts, and security pings must now reassess their notification handling policies, as forensic reconstruction could reveal a detailed timeline of employee activity.

Apple’s response—delivering redaction improvements and clearing lingering notifications—was swift and earned praise from Signal and security vendors like Jamf. While the company did not confirm active exploitation beyond the FBI example, the patch sets a precedent for rapid remediation of OS‑level privacy flaws. Organizations should prioritize installing the updates, audit notification settings, and consider additional endpoint protection to mitigate future risks associated with OS caching mechanisms.