
Apple patches iOS 26.4.2 flaw that could expose deleted push notifications

By Aimirul

Apple has pushed out iOS 26.4.2 and the update is worth installing ASAP, especially if you care about message privacy on your lock screen.

The patch fixes a flaw tied to Apple’s notification database, where push notifications that were supposed to be deleted could still remain on the device. That matters because those leftover notifications could reportedly be viewed by law enforcement, even after a user thought they were gone.

According to Apple’s own release notes, the fix adds "improved data redaction" for an issue where notifications marked for deletion could be unexpectedly retained on the device. In simple terms, deleted alerts were not always fully disappearing the way users would expect.

Why this is a big deal

The wider privacy angle is what makes this one spicy.

The Electronic Frontier Foundation said this bug created one path for agencies like the FBI to get around Apple’s tougher privacy position. Since 2023, Apple has required a court order before sharing notification data. But if data is still sitting on the phone itself, that becomes another access point.

This specific use of the flaw was first reported by 404 Media, which said the FBI used a tool to pull Signal notification data stored locally on an iPhone, including notifications that had already been deleted.

That is especially notable because apps like Signal are usually associated with stronger privacy. But this case shows the weak point was not necessarily the app itself; it was how the OS handled notification data.

Signal had already warned users

Signal CEO Meredith Whittaker previously acknowledged the issue and said notifications for deleted messages should not remain in any OS notification database. She also said Signal had asked Apple to address it.

At the time, Whittaker advised users to reduce what appears in Signal notifications, including removing the sender name and message content from previews. After Apple released the patch, Signal said it was "very happy" that Apple had issued both a fix and a security advisory.

Why Malaysia and SEA users should care

For a lot of people in Malaysia and across Southeast Asia, lock-screen notifications are basically mini inboxes. OTPs, banking alerts, work chats, family WhatsApp messages, Telegram groups, Signal convos, everything lands there.

That convenience is nice, but it also means your notification panel can quietly hold a lot more sensitive info than you realise. If deleted alerts are still hanging around in the system database, that is a privacy problem no matter where you live.

It also hits extra hard in this region because many users rely on a single phone for work, side hustle, banking, and personal chats. One device carries everything. So even if you are not some privacy-maxxing hardcore user, this update still matters.

Which devices are getting the update

Apple says the patch is available now for:

  • iPhone 11 and later
  • iPad Pro 12.9-inch (3rd gen and later)
  • iPad Pro 11-inch (1st gen and later)
  • iPad Air (3rd gen and later)
  • iPad (8th gen and later)
  • iPad mini (5th gen and later)

What you should do now

First, update to iOS 26.4.2 if your device supports it.

Second, if you use messaging apps for sensitive chats, it is still smart to limit what appears in notification previews. The EFF notes that notifications can be exposed in at least two places: in the cloud while they are routed through company servers, and on the phone where they are stored locally.

So yeah, this patch should close the specific hole Apple identified, but good notification hygiene still matters. If your lock screen is showing full message text, maybe now is the time to clean that up.

Source: Engadget
