Apple News Articles

Apple patches iOS bug that allowed the FBI to read Signal messages

Apple patches CVE-2026-28950: an iOS bug that caused deleted notifications to be retained, allowing the FBI to recover Signal messages.

2 weeks ago

Deleted Didn’t Mean Gone: Apple Fixes iPhone Bug Exploited in FBI Probe, Patches Notification Data Flaw in iOS 26.4.2

Apple has released iOS 26.4.2 and iPadOS 26.4.2 to fix a serious notification flaw (CVE-2026-28950) that allowed deleted message alerts to linger, exposing Signal messages in FBI investigations. Learn how this bug impacted privacy and why updating your device is critical.

3 weeks ago

iOS 26.4.2 Update Released, Apple Fixes Critical Notification Database Vulnerability | 📲 LatestLY

Apple has launched iOS 26.4.2 to fix a critical security flaw (CVE-2026-28950) that allowed deleted notifications to be stored permanently on iPhones. This vulnerability was reportedly used by the FBI to recover Signal message content. The iOS 26.4.2 update purges all improperly retained notificatio...

3 weeks ago

iOS 26.4.2 Update: What's New, Security Fixes, and Bug Improvements for iPhone

iOS 26.4.2 update brings Apple security fixes, notification retention patch, performance improvements, and critical iPhone bug fixes for better stability.

3 weeks ago

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) - IT Security News

Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent report about the FBI accessing…Read more →

3 weeks ago

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) - Help Net Security

Security updates for iPhones and iPads fix CVE-2026-28950, a vulnerability that made devices retain notifications marked for deletion.

3 weeks ago

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case - IT Security News

Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging…Read more →

3 weeks ago

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Apple fixes CVE-2026-28950 in iOS 26.4.2 after deleted notifications were retained, mitigating forensic data exposure.

3 weeks ago

Coruna framework: an exploit kit and ties to Operation Triangulation

Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.

CISA orders feds to patch DarkSword iOS flaws exploited attacks

CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit.

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple countries.

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Apple backports CVE-2023-43010 WebKit fix after Coruna exploit kit abused iOS flaws, protecting older iPhones and iPads from memory corruption attacks

Apple Updates Legacy iOS Versions to Patch Coruna Exploits

Apple releases updates for legacy versions of iOS and iPadOS to address the recently disclosed Coruna exploits.

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.

Apple discloses first actively exploited zero-day of 2026

The vendor said the memory-corruption defect was exploited to target specific people, but it did not describe the objectives of the attack.

New macOS TCC Bypass Vulnerability Allows Attackers to Access Sensitive User Data

By exploiting a private API within the ScreenReader.framework ,a core component of the VoiceOver accessibility feature malicious actors can gain unauthorized access to sensitive user data.

CISA Warns of Apple WebKit Vulnerability Actively Exploited in Attacks

CISA issued an urgent warning about a critical Apple WebKit zero-day vulnerability actively exploited in attacks.

Zero‑Day Vulnerabilities in Apple WebKit

Apple has released security updates to address two zero‑day vulnerabilities in WebKit that have been exploited in attacks. Users and administrators of affected Apple devices are strongly advised to update to the latest software versions immediately.

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Apple and Gladinet CentreStack and Triofox vulnerabilities to its Known Exploited Vulnerabilities catalog.

Apple Zero-Day Exploits Used in Targeted iPhone Spyware Attacks | eSecurity Planet

Apple confirmed two WebKit zero-days exploited in targeted iPhone spyware attacks.

Apple Confirms Zero-Day Exploitation in Targeted Attacks on iPhone Users

Apple has issued critical security patches addressing two actively exploited zero-day vulnerabilities affecting iPhone and iPad devices.

'Landfall' Malware Targeted Samsung Galaxy Users

The tool let its operators secretly record conversations, track device locations, capture photos, and perform other surveillance on compromised devices.

Apple fixes critical font processing bug. Update now!

Apple has released a security update for macOS, iOS, iPadOS, and visionOS to patch a serious bug (CVE-2025-43400) in how devices handle fonts.

Apple backports zero-day patches to older iPhones and iPads

​Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

Apple patches CVE-2025-43300 exploited with WhatsApp CVE-2025-55177, protecting under 200 targeted users.