HeadlinesBriefing favicon HeadlinesBriefing.com

Apple Hide My Email Vulnerability Exposes Real Addresses Despite Privacy Claims

9to5Mac •
×

A serious privacy flaw in Apple's Hide My Email feature allows attackers to discover real email addresses linked to iCloud accounts. Security researcher Tyler Murphy found that 100% of generated addresses could reveal the actual email behind the privacy protection. The issue affects users who rely on this feature to shield their primary email from websites and services.

Murphy reported the vulnerability to Apple in June 2023, but it remained unfixed despite Apple claiming resolution in March 2024. He verified with 404 Media that the bug still works as of Monday. Murphy chose to go public after repeatedly contacting Apple about the unresolved issue, though he hasn't disclosed technical details to prevent exploitation.

Apple recently announced plans to use a new domain, private.icloud.com, for Hide My Email addresses. However, some users criticized this change because companies could easily block the entire domain to circumvent the privacy feature. The timing raises questions about whether the domain switch addresses this specific vulnerability.

This represents a significant failure in Apple's privacy infrastructure, particularly concerning given the company's emphasis on protecting user data. Users of Hide My Email should consider this feature compromised until Apple provides a verified fix.