Apple iPhone 17 Pro Max
NurPhoto via Getty Images
April 23 update: this article, originally published on April 22 was updated on April 23 with further details of exactly what the update is about.
Apple has released a new iPhone update, just two weeks after the last one. This release is designed to address a particular problem in Notification Services, “where notifications marked for deletion could be unexpectedly retained on the device,” as Apple described it. There has now been confirmation of what the update tackles from Signal. Here’s all you need to know.
Which iPhones Can Run iOS 26.4.2?
This update is for all iPhones from 2019 onwards. That means iPhone 11 and later. The second-generation and third-generation iPhone SE handsets are included. All members of the iPhone 17 series, including the latest release, iPhone 17e, plus iPhone Air, are also supported.
Identical security patches are also available for older devices via iOS 18.7.8. That means anyone with an iPhone 11 or later who hasn’t updated to iOS 26 (once you’ve done so, you can’t downgrade again later) plus the other three iPhones compatible with iOS 18, that is, iPhone XS, iPhone XS Max and iPhone XR.
How To Download And Install iOS 26.4.2
You’ll likely know this by now, but to download the update, open the Settings app on the iPhone and click on General, followed by Software Update. Here you’ll find Download and Install, and it’ll be downloaded promptly. It’s a small update, 772 MB on my iPhone 17 Pro Max. It downloaded and installed quickly — less than 10 minutes in all.
iOS 26.4.2 — What’s In The Release
This update came out of the blue and is focused on one thing: an exploit to Notification Services which meant something that had been marked for deletion could be retained. It’s now been fixed with a logging issue with improved redaction, the company says.
Crucially, Apple says the update also retroactively purges any notification fragments that were stored on-device before the fix. In other words, the update solves the problem for past, as well as future, message deletions.
It seems that the vulnerability became known when recent court testimony revealed that the FBI was able to access an internal notification database on an iPhone involved in a federal case in Texas.
“The iPhone in question was set to display the content of Signal messages on the Lock Screen, and with that feature enabled, the iPhone stores message content,” MacRumors reported.
“The defendant in the case had deleted the Signal app and had Signal messages set to disappear, but the iPhone kept the messages in its database long enough for the FBI to access them,” it went on.
This, in other words, is a security flaw that will not impact most people, but has been deemed urgent enough for Apple to issue a new update just to fix it. The vulnerability, tracked as CVE-2026-28950, effectively bypassed the encryption of secure messaging apps by targeting the operating system’s own notification logs.
On April 22, Signal posted on X about the update, saying “We are very happy that today Apple issued a patch and a security advisory. This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted.”
