Apple’s ‘Hide My Email’ feature, designed to protect user privacy by concealing real email addresses, may contain a significant security vulnerability. According to new research findings, the flaw could expose users’ actual email addresses.
The concern was initially brought to light by 404 Media, referencing cybersecurity expert Tyler Murphy, who alleges he unearthed the vulnerability over a year ago and communicated it to Apple. Despite multiple notifications from Murphy, the company has yet to rectify the flaw.
Part of iCloud+, the Hide My Email functionality enables users to create distinctive, disposable email addresses that redirect messages to their main inbox.
The feature is frequently used when registering for apps, newsletters, and websites, letting users keep their personal email addresses confidential while reducing spam.
Exploitable Bug Revealed
Murphy asserts that every Hide My Email address evaluated in preliminary experiments could be traced back to the user’s authentic email address.
He informed 404 Media that all attempts to exploit this vulnerability, conducted with the assistance of volunteer participants, were unequivocally successful.
“The complete extent of the issue remains uncertain, but in our limited experimental trials, every Hide My Email address was vulnerable,” Murphy reportedly stated.
He cautioned that if malicious actors succeed in uncovering a user’s primary email address, publicly accessible people-search databases may make it possible to link that email with additional personal data, creating potential privacy and security threats.
A History of Privacy Concerns
This incident is not an isolated occurrence in the realm of Apple’s privacy features.
In 2022, the tech giant faced litigation after allegations surfaced indicating that certain iPhone applications continued transmitting analytics data to Apple, even when users had disabled the iPhone Analytics option.
A year later, security experts raised doubts regarding the efficacy of Apple’s Wi-Fi privacy mechanisms, reporting that a feature intended to randomize device MAC addresses could inadvertently disclose users’ authentic hardware identifiers under specific circumstances.
Although these concerns differ technically from the recently identified Hide My Email flaw, they raise similar doubts about how reliable Apple’s privacy safeguards are in practice.

Currently, there is no evidence to suggest that the reported vulnerability is being exploited on a wide scale, and researchers have strategically withheld technical specifics to mitigate potential misuse.
Source link: Indianexpress.com.






