Apple Hide My Email Bug Exposes Users' Private Addresses in Mail Replies
Key Takeaways
- ▸Mail app displays disabled or incorrect email addresses in To/From fields when replying to Hide My Email messages
- ▸Private Apple Account email addresses can appear in reply drafts without user consent, risking disclosure to recipients
- ▸The X-Icloud-Hme header in email metadata reveals multiple @icloud.com addresses, suggesting Hide My Email may not be properly isolating real from masked addresses
Summary
A newly discovered bug in Apple's Mail app on macOS Sequoia 15.7.7 is exposing users' private email addresses despite their use of the Hide My Email privacy feature. When replying to emails sent through Hide My Email, the Mail app displays confusing and potentially dangerous behavior: reply composition fields show disabled or incorrect email addresses, and raw message headers reveal multiple @icloud.com addresses including what appears to be the sender's unhidden real email. In one case, a user's private Apple Account email address was inserted into a reply composition without consent, threatening to disclose that private address to the recipient. The discovery arrives just weeks after Apple publicly disclosed a separate Hide My Email vulnerability that allows attackers to unhide real email addresses, raising concerns about whether the feature's implementation has systemic architectural flaws. The precise relationship between this new bug and the previously announced vulnerability remains unclear.
- This bug emerges amid a broader pattern of Hide My Email vulnerabilities, suggesting potential architectural weaknesses in Apple's email masking implementation
Editorial Opinion
Apple's Hide My Email feature is demonstrating a troubling pattern: multiple vulnerabilities surfacing in quick succession. This new bug suggests the problems may go beyond isolated security flaws to fundamental design issues in how Apple isolates masked and real email addresses. For users who rely on Hide My Email for professional or personal privacy, these compounding failures significantly undermine trust in the feature's core promise of protection.


