iOS Update Addresses Critical Security Flaw CVE-2026-28950

Severity: High (Score: 72.8)

Sources: Azat.Tv, Aol

Summary

On April 22, 2026, Apple published CVE-2026-28950, a critical security flaw that allowed deleted notifications to be retrieved, posing a significant privacy risk. The issue affects all iPhones starting from the iPhone 11 and several iPad models. In response, Apple released iOS update 26.4.2 on May 2, 2026, which addresses this vulnerability along with a broader logging vulnerability related to data redaction. Users are strongly encouraged to install the update immediately to enhance their device's security and performance. The update is relatively small, typically under 1GB, and includes improvements in keyboard responsiveness and battery life. The flaw was first highlighted in a YouTube video, which raised awareness about the risks involved. This incident underscores the importance of timely software updates in maintaining user privacy and device integrity. Key Points: • CVE-2026-28950 allows retrieval of deleted notifications, posing a privacy risk. • iOS update 26.4.2 released on May 2, 2026, addresses this critical flaw. • Users are advised to update their devices immediately for optimal security.

Key Entities

• Malware (attack_type)
• CVE-2026-28950 (cve)
• CWE-200 - Exposure of Sensitive Information (cwe)
• T1203 - Exploitation for Client Execution (mitre_attack)
• IOS (platform)
• Coruna (malware)
• DarkSword (malware)