Apple 'Hide My Email' vulnerability reveals peoples' real email addresses
a day ago
- #Privacy
- #Vulnerability
- Apple's Hide My Email service allows iCloud+ users to send and receive emails using random, unique addresses to keep their personal email private.
- Vulnerabilities discovered in Hide My Email enable attackers to uncover the hidden real email addresses behind these aliases.
- The issues were reported to Apple over a year ago, but as of June 30, 2026, they remain unfixed despite Apple claiming fixes on two occasions.
- Researchers realized the vulnerabilities' severity and scope are greater than initially thought, leading to public disclosure to inform users of the risk.
- A timeline details reporting and follow-ups from June 11, 2025, to June 30, 2026, with Apple acknowledging but not effectively resolving the vulnerabilities.
- To protect user privacy, exploit details will not be disclosed until fixes are implemented, but disabling new address creation and notifying users are suggested interim measures.
- The disclosure aims to allow users to account for risks when using Hide My Email and calls for Apple to collaborate openly to resolve the issues promptly.