Summary in 10 SecondsApple has released iOS 26.4.2 and iPadOS 26.4.2 updates. The update closes the vulnerability that caused deleted notification data to remain on the device. The issue is tracked by the code CVE-2026-28950. The update is available for iPhone 11 and newer models and supported iPad models. Apple has released a new update that closes a seemingly small but important privacy gap for iPhone and iPad users.
The issue that caused notification data that should have been deleted to remain unexpectedly on the device with iOS 26.4.2 and iPadOS 26.4.2 has been fixed. This vulnerability is especially notable in messaging applications. Because the problem is not that the message remains in the application, but that the incoming notification remains in the notification records of the device. In other words, even if the user deleted the application or thought that the messages would disappear, the content appearing in the notification preview could leave a trace on the device.
The notification vulnerability in iPhones was closed with the new update. According to Apple’s security notes, the problem was caused by a logging error on the Notification Services side. Due to this error, notifications marked for deletion could unexpectedly remain on the device. The company states that it fixed the vulnerability with better data hiding and cleaning methods. The vulnerability was listed with the code CVE-2026-28950.
The update was released on April 22, 2026 and covers iPhone 11 and newer models. On the iPad side, it is valid for iPad Pro 12.9 inch 3rd generation and later, iPad Pro 11 inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later. The problem does not arise from the messaging application, but from the notification records. The point that makes this vulnerability important is not that the data is received directly from the messaging application.
When the message content was shown in the notification preview, iOS was able to keep this information within its notification system. Thus, even if the application was deleted, it was possible to access some message previews through the notification records remaining on the device. This is especially remarkable for end-to-end encrypted messaging applications. Because even if the application’s own security structure is not compromised, the data remaining in the notification layer of the operating system may pose a separate risk in terms of user privacy.
Why should the update be installed immediately? iOS 26.4.2 is not a major feature update. It does not bring new interface changes or major innovations visible to the user. However, it contains a critical fix on the security side. To install the update, users just need to enter the General section from the Settings application, then enter the Software Update screen. If the update appears for the device, the download and installation process can be started from here.
Notification previews are still an area that needs attention. Although this vulnerability has been closed, notification previews are still important in terms of privacy. Showing message content on the lock screen may cause sensitive information to be disclosed when the device is in the hands of others or the screen is visible. Therefore, limiting notification content, especially in messaging applications such as Signal, WhatsApp, Telegram and similar, provides safer use.
On the iPhone side, lock screen previews can be turned off or set to only show when the device is unlocked.
Comments
You can write your views about this story. Comments may be moderated according to site settings.