ewsba.se
Apple has released iOS 26.4.2, a seemingly minor security update for iPhone that turns out to patch a serious security vulnerability that allowed the FBI to read sensitive messages from the Signal messaging app, even after the app had been deleted.
In early April, 404 Media reported that the federal organization had extracted the messages from a defendant's phone because the system still contained copies of the notifications that were generated when the texts were sent.
Although Apple doesn't specifically call out the FBI incident, the description in the company's security note (which also applies to iPadOS 26.4.2 for iPad models) matches the issue. "Notifications marked for deletion could be unexpectedly retained on the device," the note reads. The update fixes a logging issue "with improved data redaction."
To bring your iPhone or iPad up to date, go to Settings and tap General. Next, select Software Update and then Update Now and follow the prompts.
It's easy to ignore small updates like this, but sometimes there's a problem like this that needs to be tackled immediately. When Apple released iOS 26.4.1 in early April, it enabled the Stolen Device Protection feature on iPhones to bolster security against known vulnerabilities.
Note that this update doesn't appear to fall under the category of Background Security Improvements, which are quietly installed behind the scenes when critical security updates are needed.
iOS 26.4 brought new emoji, video podcasts and more to the iPhone experience. iOS 26.5, currently available as public and developer betas, could bring features like end-to-end encryption to RCS messaging, plus improvements (and possibly ads) to the Maps app.
For more on getting the most out of iOS, check out our iOS 26 cheat sheet.