:

APPLE PATCHES BUG THAT LET COPS READ DELETED MESSAGES

INDUSTRY DESK2 MIN READ
WED, APR 22, 2026

■ AI-SUMMARIZED FROM 4 SOURCES ▸ TIMELINE

Apple has fixed a vulnerability in iOS and iPadOS that allowed law enforcement to recover deleted chat messages from Signal and other messaging apps using forensic tools.

The bug affected how iPhones and iPads handled deleted data from messaging applications. Forensic tools used by police could access messages that users believed they had permanently removed from Signal. Apple addressed the vulnerability in recent security updates. The issue stemmed from how the operating system managed deleted data in application storage, leaving recoverable traces that law enforcement could extract with specialized forensic equipment. Signal, the encrypted messaging app, had already deleted the messages from its own database. However, the underlying iOS vulnerability meant deleted data remained accessible at the system level, allowing forensic tools to reconstruct the content. Law enforcement agencies have relied on similar forensic extraction methods for years to access data on seized devices. This particular vulnerability represented a gap between user expectations of deletion and actual data removal on Apple devices. The fix ensures that deleted messages are more thoroughly scrubbed from device storage, making recovery significantly more difficult. Apple did not disclose the specific technical details of the vulnerability or name which iOS versions were affected, though the patch was rolled out through standard security updates. This incident highlights the ongoing tension between device security, user privacy, and law enforcement access. While the fix benefits users concerned about data recovery from their devices, it also limits forensic capabilities that police rely on during criminal investigations. Apple regularly patches security vulnerabilities discovered through both internal testing and external security researchers. The company has increasingly emphasized privacy features in its devices, though this often conflicts with law enforcement requests for access to user data.

■ SOURCES

Bleeping ComputerHacker NewsTechCrunchWired

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

SAP released security updates for 16 vulnerabilities in July 2026, including three critical flaws affecting NetWeaver, Commerce Cloud, and AppRouter. The patches address risks across multiple enterprise software components.

3H AGOIndustry Desk

Two newly discovered phishing kits, Jalisco and OmegaLord, are actively targeting Microsoft 365 accounts with techniques designed to circumvent multi-factor authentication protections.

3H AGOSecurity Desk

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and one entity for enabling ransomware attacks against American organizations. The action targets infrastructure providers facilitating cyber threats.

7H AGOSecurity Desk

As scam calls and messages proliferate, ordinary people are turning the tables on fraudsters through scambaiting—deliberately engaging scammers to waste their time and resources.

9H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.