A vulnerability has been found in Apple’s Hide My Email feature that may expose your primary email address, but Apple might not be in a rush to fix it.
According to 404Media’s Joseph Cox, the issue was first raised with Apple by personal data removal service EasyOptOuts more than a year ago. Apple reportedly acknowledged the communication problem with EasyOptOuts’ co-founder, Tyler Murphy, but the company has said it is still investigating.
In addition to telling Murphy it was investigating the problem, the company also told him not to publicly share any details about the vulnerability.
Murphy told 404Media that in limited tests with volunteers, “100 per cent of Hide My Email addresses were exploitable.”
As expected, the report from 404Media doesn’t explain exactly how the exploit works (probably for good reason), but it notes that Murphy was able to find a real email address using a newly generated Hide My Email address.
To add some context, Apple’s Hide My Email feature is available with paid iCloud+ subscriptions and generates randomized addresses that are linked to your main inbox and don’t include any variation of your real email address. The idea is that if the generated email address ends up on a mailing list you don’t want, it’s much easier to deal with than if your permanent iCloud email were on that same list.
Source: 404Media, via Android Authority
