Earlier this week, Apple released iOS 26.4.2, which, according to Apple, includes only a single security patch for “Notification Services.” While it seemed like a fairly innocuous fix for deleted notifications that “could be unexpectedly retained on the device,” it turns out that the flaw is a bigger deal than it seems.

According to The Hacker News, the vulnerability was used by the U.S. Federal Bureau of Investigation (FBI) in a case in Texas. The FBI exploited the flaw to get Signal messages from a defendant’s iPhone, even though Signal had been deleted from the device. The site reports that the deleted messages were retrieved in connection with an attack on the Prairieland ICE detention center facility after the app was deleted, by taking advantage of copies of the content saved in the device’s push notification database.

Signal is a messaging app with increased privacy controls, including end-to-end encryption, automatic message deletion, message history stored on-device instead of on servers, and code verification of messages. Signal is often used by journalists, government officials, and other users who want increased security.

The flaw was important enough to Apple that it issued the iOS 26.4.2 update just to fix the vulnerability. If you are a Signal user, you should install the update as soon as possible (Settings > General > Software Update). The iPhone will need to restart. Learn more about iOS 26 in our superguide.