apple patient
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Reviews
  • Insights
No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Reviews
  • Insights
No Result
View All Result
apple patient
No Result
View All Result

Hiding email addresses: Security vulnerability exposes real addresses

by Milan
July 1, 2026
in Apple News
Apple Mail

Image: Apple

A feature designed to protect your real email address is apparently doing the opposite. A bug in Apple's "Hide Email Address" allows almost anyone to reveal the hidden address behind an alias – and Apple has left the problem unresolved for over a year.

"Hide My Email" is a feature of the paid iCloud+ subscription that generates random alias addresses and forwards messages to the actual mailbox. The feature is primarily intended for sign-ups and contact with third-party providers – it is meant to shield the real address from spam, data leaks, and unwanted identification. It is precisely this protection promise that has now started to wobble: security researchers have demonstrated a vulnerability that allows the real address behind such an alias to be determined. What is particularly explosive is not just the flaw itself, but the way it has been handled – because Apple was informed about it more than a year ago.

What the gap allows

At its core, this vulnerability undermines the very purpose of the function: instead of remaining anonymous, the underlying real address can be revealed. The severity of the problem is demonstrated by its extent – in tests with volunteers, all tested alias addresses proved vulnerable, i.e., 100 percent.

The technical details of the vulnerability are being deliberately withheld because it remains actively exploitable. The problem was independently verified this week using an address generated by the feature. The fact that a privacy feature can be circumvented in this way is all the more serious because many users rely on it precisely because of this promise (via 404Media).

A year without a solution

The vulnerability was discovered and responsibly reported by security researcher Tyler Murphy, co-founder of the EasyOptOuts service. He informed Apple in June 2025, including instructions on how to reproduce the problem. Apple acknowledged receipt a month later and stated that it was investigating the matter.

The process then dragged on for months. In March 2026, Apple informed the researcher that they had fixed the reported problem with a recent system change - but the vulnerability was still open. Murphy provided further information, whereupon Apple again stated that they were still investigating. In May, the pattern repeated itself: Apple asked that the vulnerability not be made public until the investigation was complete. Murphy's suggestion to temporarily suspend the creation of new alias addresses to limit the risk to customers apparently went unheeded. At the end of May, Apple finally announced that they intended to fix the problem with a security update expected in the coming weeks.

After more than a year without a fix, the researcher decided against further delay. According to him, users deserved to know that attackers might be able to determine their normally hidden addresses.

Why this is sensitive for those affected

The real danger lies less in the revealed email address itself than in what can be deduced from it. Numerous freely accessible personal databases allow an email address to be linked to further personal details. Anyone who relies on "hiding their email address" for security reasons - for example, to protect their identity - could be more exposed than they realize.

This feature is rightly considered one of the most effective methods for protecting your real email address in everyday use by using a separate, disposable address for each service. This very trust is called into question by the vulnerability. To make matters worse, Apple recently migrated the alias addresses to a separate domain called "private.icloud.com" - a move that unintentionally makes it easier for platforms to selectively block iCloud aliases.

A data privacy feature under pressure

This case hits Apple where it hurts, as data privacy has been a key selling point for the company for years. Leaving a feature designed to deliver on this promise vulnerable for over a year hardly aligns with this claim. Until the announced security update is released and demonstrably closes the vulnerability, the situation remains unsatisfactory for everyone who relies on the "hide email address" protection. Whether the promised fix will hold this time remains to be seen – after all, Apple had already announced a fix once before, but the problem wasn't actually resolved. (Image: Apple)

  • iOS 26.6 is approaching: When will Apple release the update?
  • Claude Fable 5 returns: USA lifts export ban
  • Tim Cook is seeking a way forward for Siri AI with the EU
  • Anthropic presents Claude Sonnet 5
  • Apple Creator Studio is getting a major AI update
  • Supreme Court accepts Apple's appeal in the Epic dispute
  • Netflix requires a separate email address for each profile
  • UK plans to open Apple's App Store following the EU model
  • Three AirDrop vulnerabilities discovered – Apple makes improvements
  • Leaked iPhone 18 Pro videos disappear again
  • Apple is bringing forward security updates due to AI threat
  • OpenClaw brings its AI agent to the iPhone as an app
  • iPhone 18 Pro drop tests surface on the dark web
  • iOS 26.5.2, iPadOS 26.5.2 and macOS 26.5.2 are here
  • iOS 26.6 Beta 3: Apple nears completion
  • WhatsApp: Usernames can now be reserved
  • Apple acquires the award-winning design tool Play
  • Indian antitrust case: Apple accuses the authority of plagiarism
  • Apple and Chinese storage: Approval is likely to be difficult
  • Apple is seeking approval for Chinese storage devices
  • The US partially releases Claude Mythos 5
Have you already checked out our Amazon Storefront? You'll find a hand-picked selection of various products for your iPhone and other devices there – enjoy browsing.
This post contains affiliate links.
Add Apfelpatient to your Google News Feed. 
Was this article helpful?
YesNo
Tags: Apple ServicesiOSiPadOSmacOS
Previous Post

iOS 26.6 is approaching: When will Apple release the update?

Hiding email addresses: Security vulnerability exposes real addresses">
Apple Mail

Hiding email addresses: Security vulnerability exposes real addresses

July 1, 2026
iOS 26.6 Beta 1 Apple

iOS 26.6 is approaching: When will Apple release the update?

July 1, 2026
iPhone 17 Apple

iPhone 17: Apple is reportedly slowing down production

July 1, 2026

About APFELPATIENT

Welcome to your ultimate source for everything Apple - from the latest hardware like iPhone, iPad, Apple Watch, Mac, AirTags, HomePods, AirPods to the groundbreaking Apple Vision Pro and high-quality accessories. Dive deep into the world of Apple software with the latest updates and features for iOS, iPadOS, tvOS, watchOS, macOS and visionOS. In addition to comprehensive tips and tricks, we offer you the hottest rumors, the latest news and much more to keep you up to date. Selected gaming topics also find their place with us, always with a focus on how they enrich the Apple experience. Your interest in Apple and related technology is served here with plenty of expert knowledge and passion.

Legal

  • Imprint – About APFELPATIENT
  • Cookie Settings
  • Privacy Policy
  • Terms of Use

Service

  • Netiquette
  • Partner Program
  • Push Notifications

RSS Feed

Follow Apfelpatient:
Facebook Instagram YouTube threads threads
Apfelpatient Logo

© 2026 Apfelpatient. All rights reserved. | Sitemap

No Result
View All Result
  • Home
  • News
  • Rumors
  • Tips & Tricks
  • Reviews
  • Insights

© 2026 Apfelpatient. All rights reserved. Page Directory

Change language to Deutsch