Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
70,430
42,089


Security researchers have identified suspicious activity in Apple's Podcasts app that could be used to deliver malicious content to users, based on a report by 404Media's Joseph Cox.

Apple-Podcasts-Award.jpg

Cox's report describes some odd experiences with the Podcasts app that certainly suggest something untoward is going on across both iOS and macOS versions. He says that over recent months, the app has automatically launched and displayed unusual podcasts without his input. On Mac and iPhone, the app has opened religion, spirituality, and education podcasts for no apparent reason, in some cases even launching themselves the moment Cox unlocked his device.

The podcasts in question often feature strange titles containing code fragments, URLs, and in some cases, attempts at cross-site scripting attacks.

Objective-See security expert Patrick Wardle told Cox he was able to replicate similar behavior, but in his case via a website. "Simply visiting a website is enough to trigger Podcasts to open (and load a podcast of the attacker's choosing), and unlike other external app launches on macOS, no prompt or user approval is required," Wardle told 404 Media.

One particularly concerning podcast apparently includes a link that redirects to a site attempting an XSS attack – a technique in which attackers inject malicious code into otherwise legitimate-looking websites. When visited, the site displays a pop-up acknowledging the XSS attempt.

Wardle notes that while this behavior isn't immediately dangerous on its own, it creates an effective delivery mechanism if vulnerabilities do exist within the Podcasts app. "The level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target," he said.

The situation bears similarities to reports of Google Calendar spam from several years ago, where bad actors would add unsolicited events containing links or promotional content to users' calendars.

Apple did not respond to Cox's multiple requests for comment about the issue. Has the Podcasts app exhibited similar unusual behaviour in your experience? Let us know in the comments.

Article Link: PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery
 
Article Link
https://www.macrumors.com/2025/11/28/psa-apple-podcasts-app-malicious-content-delivery/
Last edited:
  • Haha
  • Like
Reactions: mentaluproar, hch720, WarmWinterHat and 1 other person
“Through the App Review process, we work to ensure apps come from vetted sources and are free of known malicious components. We also check that the apps aren’t trying to trick you into making unwanted purchases or providing access to personal data. We screen developers and users, expelling those who misbehave.
Click to expand...


Hmmm, they must've missed this one..
 
  • Haha
  • Like
Reactions: Shirasaki, uther, xxFoxtail and 1 other person
Disclose to media before reporting might be more money less time for Joseph cox than the bounty process. Didn't read the 404 article (next) but this sounds poorly researched and not at all forensically documented.
 
  • Like
Reactions: jordanlucero
MacRumors said:
Simply visiting a website is enough to trigger Podcasts to open (and load a podcast of the attacker's choosing), and unlike other external app launches on macOS, no prompt or user approval is required,
Click to expand...
Why is it considered a bug of Podcasts and not of Safari?
 
Last edited:
Sounds more like a case of Joseph Cox. is being hacked and his devices are compromised.....
Yes, the Podcast App may be the one affected, but it sounds like it's been triggered by a compromised device.
 
MacRumors said:


Security researchers have identified suspicious activity in Apple's Podcasts app that could be used to deliver malicious content to users, based on a report by 404Media's Joseph Cox.

Apple-Podcasts-Award.jpg

Cox's report describes some odd experiences with the Podcasts app that certainly suggest something untoward is going on across both iOS and macOS versions. He says that over recent months, the app has automatically launched and displayed unusual podcasts without his input. On Mac and iPhone, the app has opened religion, spirituality, and education podcasts for no apparent reason, in some cases even launching themselves the moment Cox unlocked his device.

The podcasts in question often feature strange titles containing code fragments, URLs, and in some cases, attempts at cross-site scripting attacks.

Objective-See security expert Patrick Wardle told Cox he was able to replicate similar behavior, but in his case via a website. "Simply visiting a website is enough to trigger Podcasts to open (and load a podcast of the attacker's choosing), and unlike other external app launches on macOS, no prompt or user approval is required," Wardle told 404 Media.

One particularly concerning podcast apparently includes a link that redirects to a site attempting an XSS attack – a technique in which attackers inject malicious code into otherwise legitimate-looking websites. When visited, the site displays a pop-up acknowledging the XSS attempt.

Wardle notes that while this behavior isn't immediately dangerous on its own, it creates an effective delivery mechanism if vulnerabilities do exist within the Podcasts app. "The level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target," he said.

The situation bears similarities to reports of Google Calendar spam from several years ago, where bad actors would add unsolicited events containing links or promotional content to users' calendars.

Apple did not respond to Cox's multiple requests for comment about the issue. Has the Podcasts app exhibited similar unusual behaviour in your experience? Let us know in the comments.

Article Link: PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery
Click to expand...
Wait a second, my podcast app automatically opens in the background for some reason recently (can be seen through Force Quit Apps menu), but it doesn’t play anything. Does anybody’s podcast app behaves the same?
 
zuongpham said:
Wait a second, my podcast app automatically opens in the background for some reason recently (can be seen through Force Quit Apps menu), but it doesn’t play anything. Does anybody’s podcast app behaves the same?
Click to expand...
Nope, I don't have the Podcast app opening on it's own. Works correctly as expected
 
zuongpham said:
Wait a second, my podcast app automatically opens in the background for some reason recently (can be seen through Force Quit Apps menu), but it doesn’t play anything. Does anybody’s podcast app behaves the same?
Click to expand...
Yes! I was thinking the same thing as I read the article and was relieved to see your comment. I’m not the only one.
 
Hopefully Apple will fix it immediately if something is wrong. Would like to hear some sort of clarification from Apple regarding this.
 
  • Like
Reactions: mganu
I haven't had problems with the podcast app, I do have an iPhone SE with "ghost touch" problems. Ghost touch was never definitively explained, it was probably caused by a security problem. I've also seen Safari and other apps launch on my iPad without prompting. I wouldn't be surprised if unprompted launching of the podcast app was enabled by a vulnerability and backdoor. The "Operation Triangulation" vulnerability enabled a backdoor that was left open for several years. Despite being persistently used by the NSA, it wasn't fixed until it was identified by a researcher at Kaspersky.
 
Last edited:
  • Wow
Reactions: Shirasaki
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back