Apple issued an out-of-band emergency patch for CVE-2026-28950, a flaw in iOS and iPadOS that allowed residual notification or cache data from deleted Signal messages to be recovered via forensic methods. Exploitation requires physical or forensic device access; this is a targeted threat, not a mass exploitation risk. Organizations where executives, legal teams, or regulated personnel use Signal for sensitive communications on iOS devices should prioritize patch deployment via MDM within their critical-patch SLA window.