PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery

by

Security researchers have identified suspicious activity in Apple's Podcasts app that could be used to deliver malicious content to users, based on a report by 404Media's Joseph Cox.

Apple Podcasts Award
Cox's report describes some odd experiences with the Podcasts app that certainly suggest something untoward is going on across both iOS and macOS versions. He says that over recent months, the app has automatically launched and displayed unusual podcasts without his input. On Mac and iPhone, the app has opened religion, spirituality, and education podcasts for no apparent reason, in some cases even launching themselves the moment Cox unlocked his device.

The podcasts in question often feature strange titles containing code fragments, URLs, and in some cases, attempts at cross-site scripting attacks.

Objective-See security expert Patrick Wardle told Cox he was able to replicate similar behavior, but in his case via a website. "Simply visiting a website is enough to trigger Podcasts to open (and load a podcast of the attacker's choosing), and unlike other external app launches on macOS, no prompt or user approval is required," Wardle told 404 Media.

One particularly concerning podcast apparently includes a link that redirects to a site attempting an XSS attack – a technique in which attackers inject malicious code into otherwise legitimate-looking websites. When visited, the site displays a pop-up acknowledging the XSS attempt.

Wardle notes that while this behavior isn't immediately dangerous on its own, it creates an effective delivery mechanism if vulnerabilities do exist within the Podcasts app. "The level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target," he said.

The situation bears similarities to reports of Google Calendar spam from several years ago, where bad actors would add unsolicited events containing links or promotional content to users' calendars.

Apple did not respond to Cox's multiple requests for comment about the issue. Has the Podcasts app exhibited similar unusual behaviour in your experience? Let us know in the comments.

Tags: Apple Podcasts, Security

Popular Stories

imac video apple feature

Apple Released Yet Another New Product Today

Friday March 20, 2026 2:39 pm PDT by
Apple has unveiled a whopping nine new products so far this March, including an iPhone 17e, iPad Air models with the M4 chip, MacBook Air models with the M5 chip, MacBook Pro models with M5 Pro and M5 Max chips, the all-new MacBook Neo, an updated Studio Display, a higher-end Studio Display XDR, AirPods Max 2, and now the Nike Powerbeats Pro 2. iPhone 17e features the same overall design as...
Read Full Article
iPhone 18 Pro Deep Red Feature

iPhone 18 Pro Launching Later This Year With These 12 New Features

Wednesday March 18, 2026 7:39 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another six months or so, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component...
Read Full Article80 comments
ios 26 4 pastel

iOS 26.4: Top 10 New Features Coming to Your iPhone

Friday March 20, 2026 2:44 pm PDT by
iOS 26.4 isn't the major update with new Siri features that we hoped for, but there are some useful quality of life improvements, and a little bit of fun with an AI playlist generator and new emoji characters. Playlist Playground - Apple Music has a Playlist Playground option that lets you generate playlists from text-based descriptions. You can include moods, feelings, activities, or...
Read Full Article51 comments

Top Rated Comments

WarmWinterHat Avatar
WarmWinterHat
16 weeks ago

Hmmm, they must've missed this one..
No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. 😒
Score: 7 Votes (Like | Disagree)
D
Danilamak
16 weeks ago
Side loading is a huge threat they say
Score: 6 Votes (Like | Disagree)
E
Edd70
16 weeks ago
Didn’t need new reasons to not use that app.
Score: 4 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
16 weeks ago

“Through the App Review process, we work to ensure apps come from vetted sources and are free of known malicious components. We also check that the apps aren’t trying to trick you into making unwanted purchases or providing access to personal data. We screen developers and users, expelling those who misbehave.
Hmmm, they must've missed this one..
Score: 4 Votes (Like | Disagree)
August West Avatar
August West
16 weeks ago
Since I never use it I deleted it off of my phone but macOS won't let you do that since it's part of the OS. Setup Little Snitch rules to block all incoming and outgoing traffic to is so hopefully that works.
Score: 3 Votes (Like | Disagree)
C
CarAnalogy
16 weeks ago

No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. 😒
In fact it seems the opposite, the marketing team gets to insert ads and popups everywhere in Apple’s own apps these days.
Score: 3 Votes (Like | Disagree)
Read All Comments
Related Apple News: Macos | Apple Intelligence | Airpods Deals | Travel | Ipad