Authored by Brian Quarmby via CoinTelegraph.com,
Tech giant Apple has fixed a security flaw that had allowed the FBI to access a Signal user’s deleted messages through their phone’s push notification database, despite the app being deleted and messages being set to disappear.
In a security advisory released on Wednesday, Apple said it had fixed a bug that allowed “notifications marked for deletion” to be “unexpectedly retained on the device.”
In an Xposton Wednesday, Signal said the update fixed the issue that made a user’s messages retrievable by law enforcement.
"Apple's advisory confirmed that the bugs that allowed this to happen have been fixed in the latest iOS release," Signal said.
Signal uses end-to-end encryption to secure messages between its users. The bug is a reminder that messagingencryption may not be enoughto keep data protected when usingcertain devices or operating systems.
Apple’s notes on the security patch. Source:Apple
This security flaw was firsthighlightedby independent technology news website 404 Media, which reported on April 9 that documents recently unsealed in Texas federal court related to an FBI case over an attack on the Prairieland ICE Detention Facility last July.
The court proceedings showed that the FBI was able to forensically extract a defendant's Signal messages from the iPhone's notification database, which contained cached, readable previews of incoming Signal messages even after disappearing messages were enabled and the app was deleted.
Following the 404 Media report, Signal President Meredith Whittaker called on Apple to quickly fix the issue,notingin an April 14 X post that "notifications for deleted messages shouldn't remain in any OS notification database."
Source: ZeroHedge News
