”Hide My Email users deserve to know that it may be possible for attackers to discover their hidden email addresses,” the person who reported the issue said.
No detail given outside of it was disclosed to Apple a year ago, and - despite repeated gentle, respectful prodding - the problem still hasn’t been fixed, so now the people who found it are revealing to the public that it exists, and the website reporter says they confirmed it. Coincidentally(?), Apple recently said they’re going to change the way spoofed emails work - of course, the change will make it obvious it’s a spoofed address so it’ll be easy to reject them.
tl;dr?
No detail given outside of it was disclosed to Apple a year ago, and - despite repeated gentle, respectful prodding - the problem still hasn’t been fixed, so now the people who found it are revealing to the public that it exists, and the website reporter says they confirmed it. Coincidentally(?), Apple recently said they’re going to change the way spoofed emails work - of course, the change will make it obvious it’s a spoofed address so it’ll be easy to reject them.
What was disclosed? What is the vulnerability?
The fact the is a vulnerability/exploit to get the true email address exists. Has now been publicly disclosed so people know it exists.
They aren’t going to disclose that publicly.