A vulnerability in Apple’s “Hide My Email” tool lets almost anyone discover a person’s real email address even though it’s supposed to be hidden by the feature.

The tech giant has failed to fix it for more than a year, according to a security researcher and 404 Media’s own tests.

Hide My Email was introduced with macOS Monterey. It generates unique, random email addresses that automatically forward to your personal inbox. Each address is unique to you. You can read and respond directly to emails sent to these addresses and your personal email address is kept private.

Apple says it doesn’t read or process any of the content in the email messages that pass through Hide My Email, except to perform standard spam filtering that’s required to maintain our status as a trusted email provider. All email messages are deleted from our relay servers after they’re delivered to you, usually within seconds.

However, Hide My Email is leaking email addresses that are supposed to be hidden. 

“We reported the issue and replication instructions to Apple over a year ago. We don’t know why it hasn’t been fixed, but we don’t feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” Tyler Murphy, the co-founder of EasyOptOuts, which discovered and reported the issue to Apple, told 404 Media.

I hope you’ll help support Apple World Today by becoming a patron. Almost all our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support. 




Article provided with permission from AppleWorld.Today