Apple's 'Hide My Email' Feature Found Vulnerable to Linking Real Email Addresses
A vulnerability in Apple's Hide My Email feature, available to iCloud+ subscribers, may allow attackers to link anonymous email addresses to users' real ones, according to a report by 404 Media.

Apple's Hide My Email feature, which allows iCloud+ subscribers to create anonymous email addresses to protect their personal information from spam and data trackers, may not be as private as intended. According to a report by 404 Media, a vulnerability has been discovered that could allow hackers to connect users' real email addresses to the anonymized ones created by Apple.
The issue was uncovered by the team at EasyOptOuts. CEO Tyler Murphy stated that the group contacted Apple about the vulnerability and how to reproduce it a year ago. Apple reportedly responded at various points that it was investigating the problem or that a fix was in development or already deployed. However, Murphy and 404 reporter Joseph Cox were able to exploit the vulnerability for this article. The exact details of the exploit have not been disclosed due to the potential risk to Apple users.
"We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses," Murphy told 404. He added, "We don't know the full scope of the issue, but in our limited tests with volunteers, 100 percent of Hide My Email addresses were exploitable." Apple has not yet commented on the matter.


