Light Wave

Lifestyle

Apple Quietly Fixed the iPhone Bug the FBI Used to Read Deleted Messages

By Erica Coleman · April 23, 2026

Apple released an out-of-cycle security update this week that patches a flaw most iPhone users didn’t know existed — one that left deleted private messages potentially recoverable long after users thought they were gone.

The update, released on April 22 for iPhones and iPads, addresses a vulnerability in how iOS handles notification storage. The flaw meant that even after a user deleted messages — including encrypted Signal messages — remnants of those notifications could remain stored on the device in a way that made them accessible to forensic tools used by law enforcement.

The issue gained attention after court documents revealed the FBI had retrieved erased Signal messages from a suspect’s iPhone using exactly this kind of on-device forensic extraction. Signal is end-to-end encrypted, meaning the messages themselves cannot be intercepted in transit — but if notification data lingers on the device after deletion, that protection has a meaningful gap.

Apple’s patch closes that gap. The company described the fix as addressing a flaw in how iOS managed notification caches, without offering specifics on how widely the vulnerability had been exploited or for how long it had been known.

The practical takeaway for everyday iPhone users is this: updating to the latest iOS version — which Apple is now prompting users to install — addresses the vulnerability. Messages deleted going forward should no longer leave the kind of recoverable trace the flaw allowed.

For the roughly 1.5 billion active iPhone users worldwide, the update is one most will install without reading the release notes. But the underlying issue it addresses touches something most users care deeply about: the assumption that deleting something means it is actually gone.

That assumption has never been fully accurate — forensic recovery of deleted data has been a standard law enforcement tool for decades across all platforms. What made this particular flaw notable is that it affected Signal, an app specifically chosen by users who want the highest level of message privacy available, and that it was quietly exploitable without any indication to the user that deleted messages remained accessible.

Whether the flaw was used in investigations beyond the one that became public is not known. Apple has not disclosed that information, and the Justice Department has not commented on its broader use of the technique.

The update is available now. Go to Settings, General, Software Update to install it.