vulnerability

Apple Hide My Email Vulnerability Exposes Real Email Addresses

A vulnerability in Apple's Hide My Email service, first reported in June 2025, can expose users' real email addresses behind generated aliases, and Apple has yet to fix the issue despite ongoing investigation. The flaw was confirmed to be exploitable in all tested cases, raising concerns about user privacy since exposed email addresses can be linked to personal information via public people-search databases. Apple has stated a fix is expected soon but has not suspended new alias creation or fully resolved the problem more than a year after its discovery.

https://www.macrumors.com/2026/07/01/hide-my-email-vulnerability-exposes-real-addresses/

Why You Can’t Trust Privacy & Security

An investigation using a custom macOS app, Insent, reveals that Apple's Privacy & Security settings can misleadingly suggest an app lacks access to protected folders like Documents when it actually does. The macOS TCC system grants folder access based on user intent (e.g., selecting a folder via Open Panel), which circumvents typical consent prompts and disables effective revocation via Settings, requiring terminal commands and a restart to reset permissions. This exposes a discrepancy where Security settings do not accurately reflect an app’s actual access, raising concerns about the reliability of these macOS privacy controls.

https://eclecticlight.co/2026/04/10/why-you-cant-trust-privacy-security/

OpenClaw Gives Users yet Another Reason to Be Freaked Out About Security

Security researchers have warned users of OpenClaw, a viral AI agentic tool that accesses numerous user resources, due to a recently fixed high-severity vulnerability allowing attackers with minimal permissions to escalate to full administrative control without user interaction. This flaw, rated up to 9.8 out of 10 in severity, enabled silent approval of device pairing requests, potentially compromising thousands of instances, many of which lacked authentication, leading experts to advise users to assume compromise and reconsider using the tool.

https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/

Scroll to Top