Apple rolls out iOS 26.4.2 to fix a flaw that allowed the FBI to access push notifications

Apple's latest iOS update fixes a flaw successful its notification database that made it imaginable for rule enforcement to position deleted push notifications connected a person's iPhone aliases iPad. The information flaw was 1 measurement rule enforcement agencies for illustration nan FBI could circumvent Apple's strict stance towards personification privacy, the Electronic Frontier Foundation writes, peculiarly since nan institution has required a tribunal order to stock notification information since 2023.

According to Apple's update notes, iOS 26.4.2 introduces "improved information redaction" to reside an rumor wherever "notifications marked for deletion could beryllium unexpectedly retained connected nan device." The update is disposable now connected "iPhone 11 and later, iPad Pro 12.9-inch 3rd procreation and later, iPad Pro 11-inch 1st procreation and later, iPad Air 3rd procreation and later, iPad 8th procreation and later and iPad mini 5th procreation and later," Apple says.

The FBI's usage of this peculiar iOS notification flaw was first reported connected by 404 Media, who learned nan agency utilized a instrumentality to entree Signal notification information stored locally connected an iPhone moreover aft it was deleted. Signal CEO Meredith Whitaker later acknowledged nan rumor connected Bluesky, penning that "notifications for deleted [messages] shouldn't stay successful immoderate OS notification database, and we've asked Apple to reside this." At nan time, Whitaker directed Signal users to set their settings truthful that push notifications from nan app didn’t see nan sanction of nan messenger aliases connection content.

The privateness of your notifications is susceptible successful astatine slightest 2 places, according to nan EFF. In nan cloud, wherever they get routed done a company's servers and apt partially logged successful metadata, and connected nan section retention of nan telephone wherever they're received. Apple's update should ideally make deleted notifications appropriately inaccessible, but limiting what's really visible successful notifications successful nan first spot is besides worthy considering.