Apple’s newest iOS replace fixes a flaw in its notification database that made it attainable for legislation enforcement to view deleted push notifications on an individual’s iPhone or iPad. The safety flaw was a method legislation enforcement businesses just like the FBI may circumvent Apple’s strict stance in the direction of person privateness, the Digital Frontier Basis writes, significantly for the reason that firm has required a court docket order to share notification knowledge since 2023.
In keeping with Apple’s replace notes, iOS 26.4.2 introduces “improved knowledge redaction” to deal with a difficulty the place “notifications marked for deletion may very well be unexpectedly retained on the gadget.” The replace is obtainable now on “iPhone 11 and later, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad eighth technology and later and iPad mini fifth technology and later,” Apple says.
The FBI’s use of this specific iOS notification flaw was first reported on by 404 Media, who realized the company used a software to entry Sign notification knowledge saved regionally on an iPhone even after it was deleted. Sign CEO Meredith Whitaker later acknowledged the problem on Bluesky, writing that “notifications for deleted [messages] should not stay in any OS notification database, and we have requested Apple to deal with this.” On the time, Whitaker directed Sign customers to regulate their settings in order that push notifications from the app didn’t embody the identify of the messenger or message content material. In response to immediately’s information, Sign mentioned on Bluesky that it’s “very glad that immediately Apple issued a patch and a safety advisory.”
The privateness of your notifications is susceptible in at the very least two locations, in keeping with the EFF. Within the cloud, the place they get routed by means of an organization’s servers and certain partially logged in metadata, and on the native storage of the telephone the place they’re obtained. Apple’s replace ought to ideally make deleted notifications appropriately inaccessible, however limiting what’s truly seen in notifications within the first place can also be price contemplating.
Replace, April 22, 6:40PM ET: This story was up to date after publish to incorporate remark from Sign.
