HeadlinesBriefing favicon HeadlinesBriefing.com

Apple Leaves Hide My Email Privacy Flaw Unpatched for a Year

AppleInsider •
×

Apple has left a Hide My Email vulnerability unpatched for over a year, allowing attackers to potentially discover users' real email addresses. The privacy feature, designed to shield personal emails from spam and unwanted marketing, creates randomized relay addresses for online signups.

Easy Opt Outs co-founder Tyler Murphy found the flaw in June 2025 and reported it responsibly to Apple. Despite confirming investigation just one month later, Apple claimed in March 2026 it had addressed the issue—only for Murphy to discover the vulnerability remained active. Apple repeatedly asked Murphy to delay disclosure while continuing to investigate.

AppleInsider reports that Apple promised a fix in an upcoming security update by late May 2026, but users remain exposed. Meanwhile, upcoming domain changes from iCloud.com to private.icloud.com could make relay addresses easier to identify and block, potentially undermining the service's core privacy protection.

The extended delay raises concerns about Apple's commitment to user privacy protections. With public tools already available that can link email addresses to personal information, Hide My Email users face ongoing risks without an official patch in sight.