A significant privacy vulnerability in Apple’s popular “Hide My Email” service is allowing attackers to uncover users’ real email addresses, undermining a key feature designed to protect user anonymity online. The issue, first reported to Apple more than a year ago, remains unfixed as of this week, according to security researcher Tyler Murphy and independent verification by 404 Media. “Hide My Email,” available to iCloud+ subscribers, lets users generate unique, random forwarding addresses (typically ending in domains like @privaterelay.appleid.com or iCloud.com) when signing up for apps and websites. These relay addresses forward mail to the user’s actual inbox while keeping their personal email private, helping combat spam and data breaches. However, a flaw in the implementation now makes it possible for almost anyone to link these hidden addresses back to the user’s real email, according to Murphy, co-founder of EasyOptOuts. He first reported the vulnerability and provided replication steps to Apple in June 2025. In communications shared with 404 Media, Murphy stated: “Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses.” He expressed frustration over Apple’s delayed response and decided to go public after more than 12 months without a fix. 404 Media confirmed the vulnerability is still exploitable as recently as Monday using one of its own test accounts. The outlet chose not to publish the exact technical details to prevent active abuse while the bug persists. Apple’s Response and Ongoing Investigation • Apple has been aware of the problem since shortly after Murphy’s initial report. In internal communications:One month after disclosure, Apple said it was investigating. • In March 2026, the company claimed the issue had been “addressed in a recent system change”—but Murphy found it was not resolved. • Further updates in April and May described additional checks and promised a fix in an upcoming security update “in the coming weeks.” Apple has not responded to recent inquiries from 404 Media about the status. The vulnerability comes amid broader changes to the service. In mid-June 2026, Apple announced it would consolidate Hide My Email and Sign in with Apple relay addresses under the @private.icloud.com domain. While intended to streamline operations, critics worry this could make it easier for websites to detect and block anonymized addresses, potentially reducing the feature’s effectiveness. See also: Apple is poised to ruin ‘Hide My Email’ aliases – June 17, 2026 Potential Risks for Users Security experts note that once a real email is exposed, it can be cross-referenced with public data brokers and people-search sites, revealing names, locations, and other personal details. This defeats the privacy purpose for users relying on the tool for sensitive sign-ups, anonymous feedback, or avoiding harassment. Murphy’s disclosure highlights ongoing challenges in Apple’s privacy ecosystem, even as the company heavily markets features like Hide My Email and Private Relay as robust protections against tracking and spam. Users concerned about the issue are advised to monitor Apple’s security updates closely and consider supplementary privacy measures, such as using dedicated alias services from other providers or VPNs with email masking. Apple has not issued specific guidance on the vulnerability at the time of publication. This story is developing. Apple is expected to address the bug in a forthcoming iOS/security update. Support MacDailyNews at no extra cost to you by using this link to shop at Amazon. The post Apple’s ‘Hide My Email’ feature exposes real addresses due to unfixed vulnerability reported over a year ago appeared first on MacDailyNews. Invite your friends and earn rewards
If you enjoy MacDailyNews, share it with your friends and earn rewards when they subscribe.
|
Wednesday, July 1, 2026
Apple’s ‘Hide My Email’ feature exposes real addresses due to unfixed vulnerability reported over a year ago
Subscribe to:
Post Comments (Atom)
Apple’s ‘Hide My Email’ feature exposes real addresses due to unfixed vulnerability reported over a year ago
A significant privacy vulnerability in Apple’s popular “Hide My Email” service is allowing attackers to uncover users’ real email address...
-
Apple TV+ has signed a new multi-year, first-look feature film deal with The North Road Company’s Chernin Entertainment, the flagship… ͏ ...
-
Thank you for reading MacDailyNews. As a token of our appreciation, we're offering you a limited-time offer of 20% off a paid subscript...
-
Apple, aiming push more urgently into the smart home market, is said to be nearing the launch of a new product category: a wall-mounted disp...


No comments:
Post a Comment