PSA: Apple's Podcasts App Could Be Enabling Malicious Content Delivery

by Tim Hardwick

Security researchers have identified suspicious activity in Apple's Podcasts app that could be used to deliver malicious content to users, based on a report by 404Media's Joseph Cox.

Apple Podcasts Award
Cox's report describes some odd experiences with the Podcasts app that certainly suggest something untoward is going on across both iOS and macOS versions. He says that over recent months, the app has automatically launched and displayed unusual podcasts without his input. On Mac and iPhone, the app has opened religion, spirituality, and education podcasts for no apparent reason, in some cases even launching themselves the moment Cox unlocked his device.

The podcasts in question often feature strange titles containing code fragments, URLs, and in some cases, attempts at cross-site scripting attacks.

Objective-See security expert Patrick Wardle told Cox he was able to replicate similar behavior, but in his case via a website. "Simply visiting a website is enough to trigger Podcasts to open (and load a podcast of the attacker's choosing), and unlike other external app launches on macOS, no prompt or user approval is required," Wardle told 404 Media.

One particularly concerning podcast apparently includes a link that redirects to a site attempting an XSS attack – a technique in which attackers inject malicious code into otherwise legitimate-looking websites. When visited, the site displays a pop-up acknowledging the XSS attempt.

Wardle notes that while this behavior isn't immediately dangerous on its own, it creates an effective delivery mechanism if vulnerabilities do exist within the Podcasts app. "The level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target," he said.

The situation bears similarities to reports of Google Calendar spam from several years ago, where bad actors would add unsolicited events containing links or promotional content to users' calendars.

Apple did not respond to Cox's multiple requests for comment about the issue. Has the Podcasts app exhibited similar unusual behaviour in your experience? Let us know in the comments.

Tags: Apple Podcasts, Security

Popular Stories

iphone 17 models

No iPhone 18 Launch This Year, Reports Suggest

Thursday January 1, 2026 8:43 am PST by Hartley Charlton
Apple is not expected to release a standard iPhone 18 model this year, according to a growing number of reports that suggest the company is planning a significant change to its long-standing annual iPhone launch cycle. Despite the immense success of the iPhone 17 in 2025, the iPhone 18 is not expected to arrive until the spring of 2027, leaving the iPhone 17 in the lineup as the latest...
Read Full Article109 comments
apple intelligence black

Report: Apple's AI Strategy Could Finally Pay Off in 2026

Tuesday December 30, 2025 9:01 am PST by Hartley Charlton
Apple's restrained artificial intelligence strategy may pay off in 2026 amid the arrival of a revamped Siri and concerns around the AI market "bubble" bursting, The Information argues. The speculative report notes that Apple has taken a restrained approach with AI innovations compared with peers such as OpenAI, Google, and Meta, which are investing hundreds of billions of dollars in data...
Read Full Article197 comments
apple fitness 2026 1

Apple Teases 'Something Big' Coming Soon to Apple Fitness+

Tuesday December 30, 2025 2:11 pm PST by Juli Clover
The Apple Fitness+ Instagram account today teased that the service has "big plans" for 2026. In a video, several Apple Fitness+ trainers are shown holding up newspapers with headlines related to Apple Fitness+. What's Apple Fitness+ Planning for the New Year? Something Big is Coming to Apple Fitness+ The Countdown Begins. Apple Fitness+ 2026 is Almost Here 2026 Plans Still Under ...
Read Full Article119 comments
Clicks Communicator Feature

'Clicks Communicator' Unveiled — Will You Carry This With Your iPhone?

Friday January 2, 2026 6:35 am PST by Joe Rossignol
The company behind the BlackBerry-like Clicks Keyboard accessory for the iPhone today unveiled a new Android 16 smartphone called the Clicks Communicator. The purpose-built device is designed to be used as a second phone alongside your iPhone, with the intended focus being communication over content consumption. It runs a custom Android launcher that offers a curated selection of messaging...
Read Full Article135 comments
Mac Pro Feature Blue

What's Happening With the Mac Pro?

Wednesday December 31, 2025 9:59 am PST by Juli Clover
Apple hasn't updated the Mac Pro since 2023, and according to recent rumors, there's no update coming in the near future. In fact, Apple might be finished with the Mac Pro. Bloomberg recently said that the Mac Pro is "on the back burner" and has been "largely written off" by Apple. Apple apparently views the more compact Mac Studio as the ideal high-end pro-level desktop, and it has almost...
Read Full Article244 comments
macbook air march 2020

Apple Says Final Intel MacBook Air and Apple Watch Series 5 Now 'Vintage'

Wednesday December 31, 2025 8:39 am PST by Eric Slivka
Apple today added the final 13-inch MacBook Air powered by Intel processors, the Apple Watch Series 5, and additional products to its vintage products list. The iPhone 11 Pro was also added to the list after the iPhone 11 Pro Max was added back in September. The full list of products added to Apple's vintage and obsolete list today: MacBook Air (Retina, 13-inch, 2020) iPhone 8 Plus 128GB ...
Read Full Article79 comments
Apple Fitness Plus hero

Apple Announces New Fitness+ Workout Programs, Strava Challenge, and More

Friday January 2, 2026 6:43 am PST by Hartley Charlton
Apple today announced a number of updates to Apple Fitness+ and activity with the Apple Watch. The key announcements include: New Year limited-edition award: Users can win the award by closing all three Activity Rings for seven days in a row in January. "Quit Quitting" Strava challenge: Available in Strava throughout January, users who log 12 workouts anytime in the month will win an ...
Read Full Article53 comments
iphone 17 pro dark blue 1

iPhone 17 Pro and Pro Max Users Report Static Speaker Noise While Charging

Tuesday December 30, 2025 10:39 am PST by Juli Clover
iPhone 17 Pro and Pro Max owners are having trouble with the speakers of their devices, and have complained about a static or hissing noise that occurs when the iPhone is charging. There are multiple discussions about the issue on Reddit, the MacRumors forums, and Apple's Support Community, where affected users say there is a noticeable static noise "like an old radio." Some people report...
Read Full Article157 comments

Top Rated Comments

WarmWinterHat Avatar
WarmWinterHat
5 weeks ago

Hmmm, they must've missed this one..
No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. ?
Score: 7 Votes (Like | Disagree)
Danilamak Avatar
Danilamak
5 weeks ago
Side loading is a huge threat they say
Score: 6 Votes (Like | Disagree)
Mrkevinfinnerty Avatar
Mrkevinfinnerty
5 weeks ago

“Through the App Review process, we work to ensure apps come from vetted sources and are free of known malicious components. We also check that the apps aren’t trying to trick you into making unwanted purchases or providing access to personal data. We screen developers and users, expelling those who misbehave.
Hmmm, they must've missed this one..
Score: 4 Votes (Like | Disagree)
Edd70 Avatar
Edd70
5 weeks ago
Didn’t need new reasons to not use that app.
Score: 4 Votes (Like | Disagree)
klasma Avatar
klasma
5 weeks ago

Side loading is a huge threat they say
Their preferential treatment of their own apps probably compels them to not implement certain security measures wholesale at the iOS level.
Score: 3 Votes (Like | Disagree)
CarAnalogy Avatar
CarAnalogy
5 weeks ago

No app review process on internally produced apps, like Podcasts.

Hence why they can violate half the rules they make others follow. ?
In fact it seems the opposite, the marketing team gets to insert ads and popups everywhere in Apple’s own apps these days.
Score: 3 Votes (Like | Disagree)
Read All Comments