Apple issued emergency iOS updates to fix CVE-2026-28950 in Notification Services, with iPhone 11 and newer receiving 26.4.2 and older devices getting backported 18.7.8 to patch deletion-marked notifications that linger on devices.

The vulnerability came to light after reports that the FBI retrieved Signal messages from an iPhone via stored notification data, underscoring a gap between app encryption and OS-level data handling.

iOS 18.7.8 is available for older models and backports to iOS 18, as Apple and analysts stress the seriousness of the flaw and urge prompt updates.

Apple and independent security commentators warn that notifications can leak data, advising users to minimize what is shown and to be privacy-conscious even beyond this patch.

Experts recommend limiting notification data exposure and note that updating reduces leakage, while continuing to scrutinize notification content across apps.

The article links to original sources and discloses the writer's sources and potential affiliate relationships.

No public proof-of-concept or exploit samples have been disclosed, and there are no known network indicators tied to the vulnerability.

Users are advised to update immediately via Settings > Software Update to protect against the vulnerability and potential data exposure in notifications.

Prompt updating via Settings > Software Update is urged to mitigate the described risk.

The report places the flaw in a broader context of prior vulnerability disclosures and spyware threats, noting Apple’s proactive patching to protect user privacy.

The discussion touches on encryption and backdoors debates, with Apple arguing against backdoors as a risk, and the update closing off current exploitation methods.

Security experts warn the issue extends beyond Signal, as push notification databases can reveal two-factor codes, previews, calendar invites, and security alerts, exposing a snapshot of user activity.