iOS 26.4.2—Update Now Warning Issued To All iPhone Users
Update Apr. 24, 2026: This article, originally published on Apr. 23, 2026, has been updated to include confirmation from Signal and expert commentary about the issue fixed in iOS 26.4.2 and iOS 18.7.8, as well as bug fixes and privacy advice.
Apple has released iOS 26.4.2 and iOS 18.7.8, along with a warning to update your iPhone now. That’s because iOS 26.4.2 and iOS 18.7.8 fix a single security vulnerability in the iPhone software, which could be pretty serious.
Apple doesn’t provide much detail about what’s fixed in iOS 26.4.2 and iOS 18.7.8, to allow as many users as possible to upgrade before attackers can get hold of the details. But it does reveal that iOS 26.4.2 and iOS 18.7.8 fix the same flaw, in Notification Services, where notifications marked for deletion could be unexpectedly retained on the device, according to Apple’s support page.
The issue is tracked as CVE-2026-28950, and it seems the fix was released as an emergency update for a reason. The flaw appears to be the same vulnerability used by the FBI to extract copies of incoming Signal messages from a defendant’s iPhone, because copies of the content were saved in the push notification database, as first reported by 404 Media.
While Apple doesn’t comment on the details of the fixes in iOS 18.7.8 and iOS 26.4.2, Bleeping Computer points out that “its description of notifications being retained on the device closely aligns with the type of data persistence described in that report.”
I have asked Apple to comment and will update this article if the iPhone maker responds.
Signal Confirms iOS 26.4.2 and iOS 18.7.8 Fix Known Issue
Signal has confirmed iOS 26.4.2 and iOS 18.7.8 fix the issue in question. “We are very happy that today Apple issued a patch and a security advisory,” Signal wrote on X, formerly Twitter, adding that the move comes following 404 Media’s reporting “that the FBI accessed Signal message notification content via iOS despite the app being deleted.”
Apple’s advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release, Signal added.
Signal also pointed out that no action is needed for this fix to protect Signal users on iOS. “Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications.”
“We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication,” Signal added.
iOS 18.7.8 Is Also Available For Newer iPhones
Another security implication of this latest update is the fact that iOS 18.7.8 is also available for later generations of the iPhone, signalling that Apple is now offering iOS 18 to those who want to stay on the older operating system.
It comes after the iPhone maker released iOS 26.4 last month, including the ability to update to iOS 18.7.7 even if you own a newer device. The reason for this was DarkSword, a dangerous spyware that was using iPhone vulnerabilities to attack Apple users. Perhaps Apple is changing its tactics to ensure all users are secured in the face of major risks — certainly when it issues emergency updates to the iPhone software such as iOS 26.4.2 and iOS 18.7.8.
“Apple shipping a dedicated patch for a single issue and backporting it to iOS 18 in the same release, tells you exactly how seriously they take the integrity of their platform,” says Adam Boynton, senior enterprise strategy manager at Jamf.
He describes how a forensic examiner reconstructing notifications a user believed were deleted is like “reading a compressed timeline of someone's working life.”
“They include the likes of two-factor codes, previews from work chat platforms, calendar invites, customer alerts and even internal security pings,” Boynton warns. The FBI and Signal case is “eye-catching,” but the underlying exposure applies to any app that surfaces content in push notifications, which is most enterprise collaboration tools in daily use, he says.
Notifications Issue Fixed In iOS 26.4.2 And iOS 18.7.8
The issue patched in iOS 26.4.2 and iOS 18.7.8 is caused by the device retaining notifications. In the case of encrypted apps such as Signal, it would mean anyone could read messages that arrived in notification form — even after the app itself is deleted.
Even when an app is deleted, some operating systems will retain information in places you might forget about. It’s therefore important to be privacy focused from the outset with all apps, says Jake Moore, global cybersecurity advisor at ESET. “Updating will have removed this glitch enabling the storing of sensitive information but it’s important to remember that notifications aren’t directly organised by their native apps,” Moore warns.
Moore says notification information is “best kept to a minimum” on your iPhone, adding that this can be set to a limited amount such as who it’s from — “or even just a note to say there is a message.” For Android users, there is another issue to note. Some Android phones will even keep messages in their separate notifications folder after they have been deleted or set to disappear, so it’s best to keep sensitive information down to a minimum where possible, Moore says. Updating to the new iOS — either iOS 26.4.2 or iOS 18.7.8 — will help with these latest findings, says Moore. However, he advises keeping privacy in mind where possible. “This helps keep data leakage to a minimum as deleted doesn’t always mean deleted.”
Apple’s iOS 26.4.2 also fixes bugs in the iOS operating system, including improved keyboard accuracy when typing quickly. It was an annoying issue, so after updating to iOS 26.4.2, I’m hoping I can type messages without numerous errors once again.
Reddit users are largely positive, with one saying: “I feel like way more snappier and battery lasting longer at every percent I can see the changes… overall a good update and much needed one!”
Another agreed: “Smoother and battery far better.”
However, some people are finding iOS 26.4.2 a bit glitchy. “Still stutters. Still has a bunch of glitches,” one Reddit user said.
Apple’s iOS 26.4.2 is available for iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.
Meanwhile, iOS 18.7.8 is available for iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), iPhone 16e, iPad mini (5th generation - A17 Pro), iPad (7th generation - A16), iPad Air (3rd - 5th generation), iPad Air 11-inch (M2 - M3), iPad Air 13-inch (M2 - M3), iPad Pro 11-inch (1st generation - M4), iPad Pro 12.9-inch (3rd - 6th generation) and iPad Pro 13-inch (M4).
Why You Should Update To iOS 26.4.2 and iOS 18.7.8 Now
The fix issued in iOS 26.4.2 and iOS 18.7.8 might look fairly innocent, but the timing of the upgrade indicates Apple deems it serious. For that reason, you should upgrade your iPhone now.
If you are already on iOS 26, the iOS 26.4.2 update adds new features, including Concerts in Apple Music and eight new emoji, giving you extra reasons for updating right away.
So, what are you waiting for? Go to Settings > Software Update and upgrade to iOS 18.7.8 or iOS 26.4.2 now.