On July 1st local time, 404 Media, a foreign media outlet, exposed a high-risk vulnerability in Apple's iCloud+ exclusive privacy feature "Hide My Email". Hackers could reverse obtain users' real email addresses through anonymous aliases. This paid privacy tool has completely failed. Security researcher Taylor Murphy submitted a complete vulnerability report a year ago. Apple falsely claimed that the issue had been fixed externally, but the actual security risks still existed. Millions of paid subscribers were at risk of having their privacy compromised.
"Hide My Email" is the core paid feature of Apple's privacy label. Users can generate random anonymous email addresses to forward emails from various websites, isolating third parties from their personal accounts and resisting ad tracking and spam emails. It is also a key reason why many privacy-conscious users purchase iCloud+. According to the product design, the alias email and the main email should be completely isolated. However, this vulnerability has opened a reverse traceability channel, allowing attackers to quickly identify the user's real identity, completely shattering the core protection logic of the product.
Compared to the vulnerability itself, Apple's delaying one year and falsely claiming to have fixed the issue has drawn more industry criticism. Global common security standards require enterprises to complete the repair of high-risk vulnerabilities within 90 days and disclose the risks. When Murphy submitted the report, he attached a complete reproduction process and risk assessment. After Apple confirmed the receipt of the report, it deliberately postponed the rectification for a long time. During the multiple system updates in the past year, Apple deliberately claimed to optimize email privacy protection and deliberately concealed the fact that the vulnerability had not been repaired. It was not until the media presented real test evidence to expose it that Apple hurriedly developed a patch, seriously violating the safety performance standards of technology enterprises.
This vulnerability has衍生 multiple security risks, affecting both ordinary people and high-sensitive professional groups. If the anonymous email used by ordinary users for online shopping and social registration is scraped, hackers can restore the real email address in batches and precisely send phishing emails, combined with leaked information from the network to carry out telecommunications fraud. Journalists, lawyers, and financial professionals often rely on this function to handle private clues and communicate with clients. The vulnerability directly exposes all private communications; small and medium-sized enterprises relying on this function to protect business registration information will also face the risk of commercial information leakage.
For a long time, Apple has used privacy protection as its core competitive advantage, relying on extensive publicity to shape the image of "user privacy guardian", thereby differentiating itself from Google and other enterprises. However, in recent years, Apple has repeatedly exposed various privacy protection flaws. This major vulnerability in the paid tool directly impacts the brand foundation: paid services cannot fulfill the basic security commitment, deliberately concealing the safety risks, and falsely advertising the progress of the repair. It has continuously consumed the long-term trust established by the public. European and American data regulatory agencies have announced to launch investigations to verify whether Apple has violated local data protection regulations. If confirmed to be in violation, Apple may face huge fines and mandatory safety rectification.
This incident has also sounded the alarm for the global technology industry. Currently, many technology enterprises are launching paid privacy value-added services, treating data protection as a profit-selling point. However, they generally emphasize marketing and neglect the bottom-level security construction. The vulnerability response mechanism is superficial and ignores the higher security demands of paid users. Enterprises cannot treat privacy protection as a marketing gimmick; they must improve third-party security audits, establish an open and transparent vulnerability notification system, strictly adhere to the vulnerability repair time limit,and completely avoid short-sighted behaviors of covering up risks. For ordinary users, there is no absolutely secure single privacy tool. Even the paid products of leading companies have flaws, and they need to be combined with secondary verification and independent password management tools to reduce information leakage losses in multiple layers of protection.
According to Dawn News, recently, Chief Minister Syed Murad Ali Shah of Sindh Province has taken a series of measures regarding the wheat market.
According to Dawn News, recently, Chief Minister Syed Murad…
On July 1st local time, 404 Media, a foreign media outlet, …
From reaching a historical peak of $5598 per ounce in late …
On July 5, 2026, Yahoo Finance reported that QTS, a data ce…
In the early hours of July 6, the Russian military launched…
A survey conducted by the UK Financial Conduct Authority (F…