April 25 update: this article, originally published on April 22 was updated on April 25 with more details of the latest update.

Apple has released a new iPhone update, just two weeks after the last one. This release is designed to address a particular problem in Notification Services, “where notifications marked for deletion could be unexpectedly retained on the device,” as Apple described it . There has now been confirmation of what the update tackles from Signal. Here’s all you need to know.

Which iPhones Can Run iOS 26.4.2?

This update is for all iPhones from 2019 onwards. That means iPhone 11 and later. The second-generation and third-generation iPhone SE handsets are included. All members of the iPhone 17 series, including the latest release, iPhone 17e, plus iPhone Air, are also supported.

Identical security patches are also available for older devices via iOS 18.7.8. That means anyone with an iPhone 11 or later who hasn’t updated to iOS 26 (once you’ve done so, you can’t downgrade again later) plus the other three iPhones compatible with iOS 18, that is, iPhone XS, iPhone XS Max and iPhone XR.

How To Download And Install iOS 26.4.2

You’ll likely know this by now, but to download the update, open the Settings app on the iPhone and click on General, followed by Software Update. Here you’ll find Download and Install, and it’ll be downloaded promptly. It’s a small update, 772 MB on my iPhone 17 Pro Max. It downloaded and installed quickly — less than 10 minutes in all.

iOS 26.4.2 — What’s In The Release

This update came out of the blue and is focused on one thing: an exploit to Notification Services which meant something that had been marked for deletion could be retained. It’s now been fixed with a logging issue with improved redaction, the company says.

Crucially, Apple says the update also retroactively purges any notification fragments that were stored on-device before the fix. In other words, the update solves the problem for past, as well as future, message deletions.

It seems that the vulnerability became known when recent court testimony revealed that the FBI was able to access an internal notification database on an iPhone involved in a federal case in Texas.

“The iPhone in question was set to display the content of Signal messages on the Lock Screen, and with that feature enabled, the iPhone stores message content,” MacRumors reported.

“The defendant in the case had deleted the Signal app and had Signal messages set to disappear, but the iPhone kept the messages in its database long enough for the FBI to access them,” it went on.

This, in other words, is a security flaw that will not impact most people, but has been deemed urgent enough for Apple to issue a new update just to fix it. The vulnerability, tracked as CVE-2026-28950, effectively bypassed the encryption of secure messaging apps by targeting the operating system's own notification logs.

On April 22, Signal posted on X about the update, saying “We are very happy that today Apple issued a patch and a security advisory. This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted.”

Note that no action is needed for this fix to protect Signal users on iOS. Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications. We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication.

But the fact that this update appeared out of the blue is an indication of how seriously Apple has taken it. It came just weeks after reports that the FBI had managed to forensically extract copies of incoming Signal messages on an iPhone.

This phone belonged to a defendant in a case connected to an attack on an ICE detention center, even though the app had been deleted. It did this, “by taking advantage of the fact that copies of the content were saved in the device's push notification database,” The Hacker News reported.

This was achieved by using the push notification database in the iPhone, which continued to store notifications of incoming messages from the app. That’s what’s been addressed in this update.

Signal uses end-to-end encryption and has features like automatic message deletion and has message history which is stored on-device rather than in servers.

“Signal is often used by journalists, government officials, and other users who want increased security,” Macworld said. So, it’s especially important for Signal users, but since it addresses a flaw in privacy — one of Apple’s most important priorities — it’s no surprise the company has moved so quickly.