"The bug is described as a logging issue resulting in notifications that have been marked for deletion to be retained on the device. Apple did not share further details on CVE-2026-28950, nor did it mark the security defect as being exploited in the wild."
"The vulnerability resulted in previews of incoming messages to be saved to system cache, and they could later be scrapped using forensic tools. Shortly after Apple rolled out the fixes, Signal praised it for taking quick action to preserve users' privacy."
Apple announced updates for iOS and iPadOS to address a vulnerability, CVE-2026-28950, which allowed deleted messages to be recovered. The updates improve data redaction and are available for various iPhone and iPad models. Although Apple did not confirm exploitation of the flaw, it was reportedly used by law enforcement to extract messages from a suspect's device. Signal commended Apple for the swift action to protect user privacy, stating that no action is needed from users to benefit from the fix.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]