PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery

by

Security researchers have identified suspicious activity in Apple's Podcasts app that could be used to deliver malicious content to users, based on a report by 404Media's Joseph Cox.

Apple Podcasts Award
Cox's report describes some odd experiences with the Podcasts app that certainly suggest something untoward is going on across both iOS and macOS versions. He says that over recent months, the app has automatically launched and displayed unusual podcasts without his input. On Mac and iPhone, the app has opened religion, spirituality, and education podcasts for no apparent reason, in some cases even launching themselves the moment Cox unlocked his device.

The podcasts in question often feature strange titles containing code fragments, URLs, and in some cases, attempts at cross-site scripting attacks.

Objective-See security expert Patrick Wardle told Cox he was able to replicate similar behavior, but in his case via a website. "Simply visiting a website is enough to trigger Podcasts to open (and load a podcast of the attacker's choosing), and unlike other external app launches on macOS, no prompt or user approval is required," Wardle told 404 Media.

One particularly concerning podcast apparently includes a link that redirects to a site attempting an XSS attack – a technique in which attackers inject malicious code into otherwise legitimate-looking websites. When visited, the site displays a pop-up acknowledging the XSS attempt.

Wardle notes that while this behavior isn't immediately dangerous on its own, it creates an effective delivery mechanism if vulnerabilities do exist within the Podcasts app. "The level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target," he said.

The situation bears similarities to reports of Google Calendar spam from several years ago, where bad actors would add unsolicited events containing links or promotional content to users' calendars.

Apple did not respond to Cox's multiple requests for comment about the issue. Has the Podcasts app exhibited similar unusual behaviour in your experience? Let us know in the comments.

Tags: Apple Podcasts, Security

Popular Stories

Apple Logo Zoomed

Tim Cook Teases Plans for Apple's Upcoming 50th Anniversary

Thursday February 5, 2026 12:54 pm PST by
Apple turns 50 this year, and its CEO Tim Cook has promised to celebrate the milestone. The big day falls on April 1, 2026. "I've been unusually reflective lately about Apple because we have been working on what do we do to mark this moment," Cook told employees today, according to Bloomberg's Mark Gurman. "When you really stop and pause and think about the last 50 years, it makes your heart ...
Read Full Article148 comments
wwdc sans text feature

Apple Rumored to Announce New Product on February 19

Thursday February 5, 2026 12:22 pm PST by
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld. The report, citing industry sources, is available in English on Macworld. Apple announced the iPhone 16e on Wednesday, February 19 last year, so the iPhone 17e would be unveiled exactly one year later if this rumor is accurate. It is quite uncommon for Apple to unveil...
Read Full Article
Finder Siri Feature

Why Apple's iOS 26.4 Siri Upgrade Will Be Bigger Than Originally Promised

Friday February 6, 2026 3:06 pm PST by
In the iOS 26.4 update that's coming this spring, Apple will introduce a new version of Siri that's going to overhaul how we interact with the personal assistant and what it's able to do. The iOS 26.4 version of Siri won't work like ChatGPT or Claude, but it will rely on large language models (LLMs) and has been updated from the ground up. Upgraded Architecture The next-generation...
Read Full Article154 comments
iOS 26

iOS 26.3 and iOS 26.4 Will Add These New Features to Your iPhone

Tuesday February 3, 2026 7:47 am PST by
While the iOS 26.3 Release Candidate is now available ahead of a public release, the first iOS 26.4 beta is likely still at least a week away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April. Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far. iOS 26.3 iPhone to Android Transfer Tool iOS 26.3 makes it easier...
Read Full Article37 comments
iphone 17 pro dark blue 1

iPhone 18 Pro Max Rumored to Deliver Next-Level Battery Life

Friday February 6, 2026 5:14 am PST by
The iPhone 18 Pro Max will feature a bigger battery for continued best-in-class battery life, according to a known Weibo leaker. Citing supply chain information, the Weibo user known as "Digital Chat Station" said that the iPhone 18 Pro Max will have a battery capacity of 5,100 to 5,200 mAh. Combined with the efficiency improvements of the A20 Pro chip, made with TSMC's 2nm process, the...
Read Full Article107 comments

Top Rated Comments

WarmWinterHat Avatar
WarmWinterHat
10 weeks ago

Hmmm, they must've missed this one..
No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. ?
Score: 7 Votes (Like | Disagree)
Danilamak Avatar
Danilamak
10 weeks ago
Side loading is a huge threat they say
Score: 6 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
10 weeks ago

“Through the App Review process, we work to ensure apps come from vetted sources and are free of known malicious components. We also check that the apps aren’t trying to trick you into making unwanted purchases or providing access to personal data. We screen developers and users, expelling those who misbehave.
Hmmm, they must've missed this one..
Score: 4 Votes (Like | Disagree)
Edd70 Avatar
Edd70
10 weeks ago
Didn’t need new reasons to not use that app.
Score: 4 Votes (Like | Disagree)
klasma Avatar
klasma
10 weeks ago

Side loading is a huge threat they say
Their preferential treatment of their own apps probably compels them to not implement certain security measures wholesale at the iOS level.
Score: 3 Votes (Like | Disagree)
CarAnalogy Avatar
CarAnalogy
10 weeks ago

No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. ?
In fact it seems the opposite, the marketing team gets to insert ads and popups everywhere in Apple’s own apps these days.
Score: 3 Votes (Like | Disagree)
Read All Comments