Apple’s Hide My Email is leaking real addresses

l-intro-1782939230

A vulnerability in Apple’s iCloud+ privacy feature allows attackers to link anonymous email aliases back to a user’s actual email address. Researchers at EasyOptOuts first reported the flaw to Apple in June 2025, but the issue remains unpatched after more than a year.

Tests confirmed that 100% of tested aliases were exploitable. Because the bug is still active, technical details remain undisclosed to protect users.