Security flaw in Apple's Hide My Email feature exposes real email addresses

📖 Key points worth reading

Apple's Hide My Email feature, designed to protect user privacy by generating anonymous email addresses, contains a security flaw that lets bad actors easily discover a user's real email address. Researcher Tyler Murphy discovered the flaw and reported it to Apple more than a year ago, but Apple has still not fixed it. Tests showed that for 100% of the addresses generated by Hide My Email, the original email address could be exposed.

📄 ORIGINAL TEXT (SOURCE)

A flaw in Apple's Hide My Email service can reportedly allow almost anyone to uncover the real email address behind a generated alias, and Apple has failed to address it for more than a year since it was first reported.

404 Media is withholding the technical specifics of the vulnerability because it remains exploitable, but the publication verified the issue this week using one of its own Hide My Email addresses. In tests with volunteers by the researcher who discovered the flaw, 100% of Hide My Email addresses were found to be exploitable.

Tyler Murphy, co-founder of EasyOptOuts, discovered the issue and responsibly reported it to Apple in June 2025, along with instructions to replicate it. Apple acknowledged the report a month later and said it was investigating. Murphy said:

Apple Hide My Email is leaking email addresses that are supposed to be hidden. We reported the issue and replication instructions to Apple over a year ago. We don't know why it hasn't been fixed, but we don't feel comfortable waiting any longer. Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses. Free, publicly accessible people-search sites make it easy to link an email address to other personal details, so people relying on Hide My Email for safety may be at risk.

In March 2026, Apple told Murphy it had "addressed the reported issue in a recent system change," but Murphy found the flaw had not in fact been closed. He provided further information, and Apple replied again to say it was still investigating. In May, Apple once more said the issue remained under investigation and asked Murphy not to disclose it publicly until the inquiry was complete. Murphy proposed that Apple suspend the creation of new Hide My Email addresses as an interim measure to limit customer risk, but there is no indication that suggestion was acted on. By the end of May, Apple said it expected to address the issue in a security update "expected in the coming weeks."

Hide My Email is an iCloud+ feature that lets users generate random alias email addresses, primarily for use when signing up to services or corresponding with third parties. It is designed to protect a user's real email address from spam, data breaches, and unwanted identification. Murphy noted that numerous people-search databases are freely available online and can tie an email address to a person's other personal details, meaning anyone depending on Hide My Email for their safety may be more exposed than they realize.

Last month, it emerged that Apple's decision to move Hide My Email to a dedicated "private.icloud.com" domain appears to have the consequence of making it easier for platforms that want to block iCloud aliases to do so.

This article, "Apple Hide My Email Vulnerability Exposes Real Email Addresses" first appeared on MacRumors.com
