Apple fixes bug that cops used to extract deleted chat messages from iPhones

2026-04-22 · Source: TechCrunch · Field: Technology & Digital — Cybersecurity & Data Privacy, Software Development & Engineering · Depth: Fundamental Awareness, quick

Summary

Apple has released a software update for iPhones and iPads, addressing a critical bug that enabled law enforcement to extract deleted or automatically disappearing messages from various messaging applications. This vulnerability occurred because notifications displaying message content were unexpectedly retained and cached on the device for up to a month, even after the messages were deleted within the app. The issue gained prominence after 404 Media reported the FBI's use of forensic tools to access deleted Signal messages via this mechanism. Privacy activists and Signal's president expressed significant alarm, as the bug circumvented a vital security feature designed to protect at-risk users' conversations. Apple also backported this essential fix to devices running older iOS 18 software versions.

Key takeaway

Apple has patched a critical iOS/iPadOS bug that allowed law enforcement to extract deleted or disappearing messages from apps like Signal. The vulnerability stemmed from notification content being unexpectedly retained in the device's database for up to a month, even after messages were deleted. This fix restores expected privacy for users relying on timed message deletion for sensitive communications, preventing forensic recovery of cached notification data.

Topics

• Apple Software Update
• iOS Security Bug
• Deleted Message Extraction
• Law Enforcement Forensics
• Signal Messaging App

Best for: CTO, VP of Engineering/Data, Executive, Security Engineer, Legal Professional, General Interest

Related on AIssential

• Apple just fixed an iOS flaw exploited by the FBI - here's what happened — An iOS notification flaw allowed law enforcement to access deleted Signal messages, prompting an urgent Apple patch.
• Apple brings encrypted RCS messaging to iPhone with iOS 26.5 — iOS 26.5 enables end-to-end encrypted RCS messaging, enhancing secure communication between iPhone and Android users.
• iOS 26.4.2 patch fixes notification database privacy flaw — Deleted messages can persist in OS notification databases despite app-level deletion and encryption.
• Slack Rebuilds Notification System, Reports 5X Increase in Settings Engagement — Slack has completely rebuilt its notification system, introducing a unified architecture to address long-standing issues with fragmented preferences and inconsistent behavior across desktop and mobile…
• Apple approves Poke as the first AI agent on its Messages for Business platform — Apple's Messages for Business now supports third-party AI agents, starting with Poke, signaling a new channel for AI service delivery.
• iOS 26.4 brings essential upgrades to your iPhone - including a vital security fix — iOS 26.4 delivers new features and critical security fixes, notably for an Apple Intelligence LLM vulnerability.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by TechCrunch.