BotBeat
...
← Back

> ▌

AppleApple
RESEARCHApple2026-07-03

Apple 'Hide My Email' Vulnerability Exposes Users' Real Email Addresses After Year of Inaction

Key Takeaways

  • ▸A security flaw in Apple's 'Hide My Email' feature allows real email addresses to be revealed, defeating its core privacy purpose
  • ▸The vulnerability has remained unfixed for over a year despite being known to security researchers
  • ▸Apple has not publicly disclosed the issue or provided users with guidance on the vulnerability
Source:
Hacker Newshttps://www.404media.co/apple-hide-my-email-vulnerability-reveals-peoples-real-email-addresses/↗

Summary

A vulnerability in Apple's "Hide My Email" privacy feature allows unauthorized individuals to discover users' real email addresses that were supposed to be hidden, according to security researchers and verified testing by 404 Media. The flaw has persisted for more than a year without being fixed, leaving millions of iOS and iCloud users potentially at risk. The "Hide My Email" feature, integrated into Apple's ecosystem since iOS 15, was designed to help users maintain email privacy by generating disposable relay addresses instead of revealing their actual email. However, the newly discovered vulnerability circumvents this protection entirely, undermining a key selling point of Apple's privacy-focused positioning.

Despite awareness of the issue, Apple has not publicly disclosed the vulnerability, provided any timeline for a fix, or notified affected users. Security researchers have withheld detailed technical information to prevent widespread exploitation until Apple addresses the issue. The incident raises serious questions about Apple's commitment to privacy protection and its vulnerability disclosure practices.

  • 404 Media has independently verified the vulnerability's existence and active exploitability

Editorial Opinion

This vulnerability highlights an important gap between Apple's privacy-focused messaging and the reality of protecting users from real threats. While security researchers have worked responsibly to avoid disclosure before Apple can implement fixes, the year-long delay raises questions about whether privacy features receive adequate scrutiny during development and maintenance. For users who chose Apple specifically for its privacy protections, this incident underscores the need for more transparency in vulnerability disclosure and faster patching of privacy-critical features.

CybersecurityPrivacy & Data

More from Apple

AppleApple
PRODUCT LAUNCH

Apple's fm CLI: Powerful AI Scripting with Significant Restrictions

2026-07-03
AppleApple
UPDATE

Apple Unifies Email Domains for Sign in with Apple and iCloud+ Hide My Email

2026-06-16
AppleApple
UPDATE

Apple Explains New Terminal Paste Security Warning in macOS

2026-06-16

Comments

Suggested

AnthropicAnthropic
RESEARCH

Research: How URLs in Prompts Can Influence LLM Outputs Toward Training Data

2026-07-03
KagiKagi
UPDATE

Kagi Empowers Users with AI Toggle, Launches Orion 1.1 Browser

2026-07-03
AnthropicAnthropic
POLICY & REGULATION

Alibaba Bans Claude Code Over Hidden Tracking Code Discovered in Anthropic's Developer Tool

2026-07-03
← Back to news
© 2026 BotBeat
AboutPrivacy PolicyTerms of ServiceContact Us