f in x
Apple Hide My Email Vulnerability Exposes Real Addresses: Flaw Unfixed for Over a Year
> cd .. / HUB_EDITORIALE
News

Apple Hide My Email Vulnerability Exposes Real Addresses: Flaw Unfixed for Over a Year

[2026-07-01] Author: Meteora Web Redazione
Zenithby Meteora Web The operating system for your business. Social, clients, bookings and invoices in one platform. Gyms, barbers, professionals. Discover Zenith Free demo · no card

A serious security bug in Apple's Hide My Email service allows anyone to uncover the real email address behind a generated alias. The vulnerability, discovered by security researcher Tyler Murphy, was reported to Apple over a year ago, but the company has not released a fix. Tests conducted by Murphy achieved a 100% success rate in retrieving the true addresses. The news was first reported by 404 Media, which withheld technical details to prevent exploitation.

How the bug works and its impact on privacy

Hide My Email is an iCloud+ feature that creates random email addresses for use in place of your real one, protecting user privacy. However, the flaw found by Murphy allows this protection to be bypassed. According to the researcher, simply sending an email to a generated alias triggers an automatic response that reveals the real address. The issue affects all recent versions of iOS and macOS, and any Hide My Email user is potentially exposed. This means spammers, advertisers, or malicious actors could easily obtain the real address, undermining the service's purpose.

Sponsored Protocol

Apple's lack of response and the consequences

Murphy reported the bug through Apple's bounty program in March 2025, but the company never acknowledged the issue or issued a patch. After more than 15 months of waiting, the researcher went public via 404 Media. Apple has not officially commented, but sources close to the company say the security team is still evaluating the bug's severity. This sluggishness is concerning, especially since competing services like DuckDuckGo Email Protection and Firefox Relay offer secure alternatives. The lack of a fix exposes millions of users to potential privacy breaches.

Sponsored Protocol

Comparison with other vulnerabilities and lessons learned

This is not the first time Apple has faced criticism for vulnerability management. For example, a previous Safari bug allowed websites to track users despite privacy settings. Additionally, recent attacks on AI browsers have shown how security guardrails can be bypassed with false premises, as covered in our related article (link). Similarly, OpenAI imposed restrictions in Europe, raising data protection concerns (link). The Hide My Email case highlights the need for greater transparency and responsiveness from big tech.

Sponsored Protocol

For more on email address protection, refer to Wikipedia's article on email privacy (external link).

What users can do to protect themselves

While waiting for an official fix, users can take temporary measures. Disable Hide My Email temporarily and switch to alternatives like DuckDuckGo Email Protection or SimpleLogin. Also, avoid using generated aliases for critical services such as banking or government accounts. Monitoring iCloud settings is essential to spot any anomalies. Apple, for its part, should speed up response times and clearly communicate mitigation steps.

Source: https://www.macrumors.com/2026/07/01/hide-my-email-vulnerability-exposes-real-addresses

Meteora Web Redazione

> AUTHOR_EXTRACTED

Meteora Web Redazione

La redazione di Meteora Web Agency: ingegneri informatici e professionisti del digitale che pubblicano ogni giorno news e approfondimenti su tecnologia, software, marketing e innovazione.
[ Read Full Dossier ]

> METEORA_WEB // DIGITAL AGENCY

We build the digital presence your business deserves.

Websites, social media, online advertising, e-commerce and high-performance hosting, engineered with method by computer engineers in Sciacca, for all of Italy.

> MW_JOURNAL

> READ_ALL()