PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery

by

Security researchers have identified suspicious activity in Apple's Podcasts app that could be used to deliver malicious content to users, based on a report by 404Media's Joseph Cox.

Apple Podcasts Award
Cox's report describes some odd experiences with the Podcasts app that certainly suggest something untoward is going on across both iOS and macOS versions. He says that over recent months, the app has automatically launched and displayed unusual podcasts without his input. On Mac and iPhone, the app has opened religion, spirituality, and education podcasts for no apparent reason, in some cases even launching themselves the moment Cox unlocked his device.

The podcasts in question often feature strange titles containing code fragments, URLs, and in some cases, attempts at cross-site scripting attacks.

Objective-See security expert Patrick Wardle told Cox he was able to replicate similar behavior, but in his case via a website. "Simply visiting a website is enough to trigger Podcasts to open (and load a podcast of the attacker's choosing), and unlike other external app launches on macOS, no prompt or user approval is required," Wardle told 404 Media.

One particularly concerning podcast apparently includes a link that redirects to a site attempting an XSS attack – a technique in which attackers inject malicious code into otherwise legitimate-looking websites. When visited, the site displays a pop-up acknowledging the XSS attempt.

Wardle notes that while this behavior isn't immediately dangerous on its own, it creates an effective delivery mechanism if vulnerabilities do exist within the Podcasts app. "The level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target," he said.

The situation bears similarities to reports of Google Calendar spam from several years ago, where bad actors would add unsolicited events containing links or promotional content to users' calendars.

Apple did not respond to Cox's multiple requests for comment about the issue. Has the Podcasts app exhibited similar unusual behaviour in your experience? Let us know in the comments.

Tags: Apple Podcasts, Security

Popular Stories

Apple Logo Zoomed

Tim Cook Teases Plans for Apple's Upcoming 50th Anniversary

Thursday February 5, 2026 12:54 pm PST by
Apple turns 50 this year, and its CEO Tim Cook has promised to celebrate the milestone. The big day falls on April 1, 2026. "I've been unusually reflective lately about Apple because we have been working on what do we do to mark this moment," Cook told employees today, according to Bloomberg's Mark Gurman. "When you really stop and pause and think about the last 50 years, it makes your heart ...
Read Full Article148 comments
iOS 26

iOS 26.3 and iOS 26.4 Will Add These New Features to Your iPhone

Tuesday February 3, 2026 7:47 am PST by
While the iOS 26.3 Release Candidate is now available ahead of a public release, the first iOS 26.4 beta is likely still at least a week away. Following beta testing, iOS 26.4 will likely be released to the general public in March or April. Below, we have recapped known or rumored iOS 26.3 and iOS 26.4 features so far. iOS 26.3 iPhone to Android Transfer Tool iOS 26.3 makes it easier...
Read Full Article37 comments
imac video apple feature

Apple Makes Its Second-Biggest Acquisition Ever

Tuesday February 3, 2026 12:45 pm PST by
Apple recently acquired Israeli startup Q.ai for close to $2 billion, according to Financial Times sources. That would make this Apple's second-biggest acquisition ever, after it paid $3 billion for the popular headphone maker Beats in 2014. This is also the largest known Apple acquisition since the company purchased Intel's smartphone modem business and patents for $1 billion in 2019....
Read Full Article
wwdc sans text feature

Apple Rumored to Announce New Product on February 19

Thursday February 5, 2026 12:22 pm PST by
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld. The report, citing industry sources, is available in English on Macworld. Apple announced the iPhone 16e on Wednesday, February 19 last year, so the iPhone 17e would be unveiled exactly one year later if this rumor is accurate. It is quite uncommon for Apple to unveil...
Read Full Article
Finder Siri Feature

Why Apple's iOS 26.4 Siri Upgrade Will Be Bigger Than Originally Promised

Friday February 6, 2026 3:06 pm PST by
In the iOS 26.4 update that's coming this spring, Apple will introduce a new version of Siri that's going to overhaul how we interact with the personal assistant and what it's able to do. The iOS 26.4 version of Siri won't work like ChatGPT or Claude, but it will rely on large language models (LLMs) and has been updated from the ground up. Upgraded Architecture The next-generation...
Read Full Article152 comments

Top Rated Comments

WarmWinterHat Avatar
WarmWinterHat
10 weeks ago

Hmmm, they must've missed this one..
No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. ?
Score: 7 Votes (Like | Disagree)
Danilamak Avatar
Danilamak
10 weeks ago
Side loading is a huge threat they say
Score: 6 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
10 weeks ago

“Through the App Review process, we work to ensure apps come from vetted sources and are free of known malicious components. We also check that the apps aren’t trying to trick you into making unwanted purchases or providing access to personal data. We screen developers and users, expelling those who misbehave.
Hmmm, they must've missed this one..
Score: 4 Votes (Like | Disagree)
Edd70 Avatar
Edd70
10 weeks ago
Didn’t need new reasons to not use that app.
Score: 4 Votes (Like | Disagree)
klasma Avatar
klasma
10 weeks ago

Side loading is a huge threat they say
Their preferential treatment of their own apps probably compels them to not implement certain security measures wholesale at the iOS level.
Score: 3 Votes (Like | Disagree)
CarAnalogy Avatar
CarAnalogy
10 weeks ago

No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. ?
In fact it seems the opposite, the marketing team gets to insert ads and popups everywhere in Apple’s own apps these days.
Score: 3 Votes (Like | Disagree)
Read All Comments