Overview
- A proposed class action was filed in mid‑July by plaintiff Anthony Alvarez accusing Apple of false advertising, fraud, breach of contract and related claims over a reported vulnerability in Hide My Email.
- A security researcher first alerted Apple to the flaw in June 2025 and told media the issue remained verifiable after Apple said a March 2026 system change had fixed it.
- Independent testing by 404 Media confirmed the flaw can link a Hide My Email relay address to a user’s real email but withheld technical details to prevent misuse.
- No public evidence shows the vulnerability was exploited in the wild and Apple has not released a public patch or issued a comment about the lawsuit.
- The complaint seeks money and corrective relief for users who paid for iCloud+ or Apple devices while relying on advertised privacy, a theory that faces proof and class‑certification hurdles but could push Apple to disclose or fix the flaw.