Suspicious behavior prompts concerns about ‘hackers’ on Apple Podcasts app
## Reporter’s observation

Technology reporter Joseph Cox from 404 Media has noticed unusual behavior in the Apple Podcasts app that has persisted for months. At times, when he unlocks his device, the app opens on its own and displays random shows, often in spirituality or education categories, that he never chose or subscribed to. Many of these podcasts are old, have strange or nonsensical titles, and some entries contain no audio at all but do show suspicious web links. On at least one page, the “Show Website” section included a link that redirected to a potentially malicious domain, raising concerns about attempted cross‑site scripting attacks.

## Security expert findings

Cox asked macOS security researcher Patrick Wardle to investigate the issue and attempt to reproduce it. Wardle reports that he can trigger the Podcasts app to open automatically simply by visiting a specific website, which then loads a podcast episode chosen by an attacker. This launch happens without any dialog box or user approval, unlike typical app-opening behavior on macOS, where external links usually require consent. Wardle describes this as the most worrying aspect, because it suggests the app can be used as an attack vector controlled from a web page.

## Nature of the suspicious behavior

Users have reported that Apple Podcasts sometimes launches to shows they do not follow, including obscure spirituality podcasts and other irrelevant content. Some of these listings contain descriptions or “Show Website” links that lead to domains hosting suspicious or harmful scripts. The pattern resembles spam or probing attacks seen in other services, such as unwanted calendar entries that exploit trusted platforms to distribute malicious links. In this case, attackers appear to be abusing podcast listings and embedded URLs to test ways of redirecting users to unsafe sites.
## User reports and community reaction

Ordinary users, not just security professionals, have started noticing the same kind of unexplained app launches and strange shows appearing in their queues. Posts on forums and social platforms describe confusion, frustration, and concern about possible hacking attempts through Apple’s built‑in app. Some people compare the issue to earlier waves of spam on other platforms and worry that their devices or accounts might be compromised. A few users have responded by uninstalling or avoiding the Podcasts app and switching to alternative podcast clients they consider safer.

## Current risk assessment and Apple’s response

Cox characterizes the situation as unsettling and technically interesting, but not yet an active, widespread attack campaign against typical users. Wardle suggests that malicious actors may currently be experimenting with the app, evaluating it as a potential channel for future exploitation rather than already running large‑scale compromises. Cox has reported the behavior and his findings to Apple multiple times, but at the time of reporting the company has not publicly responded or detailed a fix. Observers hope Apple is investigating quietly and will update macOS and the Podcasts app to restore stricter prompts or other safeguards that block automatic launches and dangerous redirects.

## Practical precautions for users

Until Apple provides more information or patches, users can take basic steps to limit potential exposure from the Podcasts app. These include avoiding clicks on unfamiliar “Show Website” links, especially when they appear in random shows that open on their own, and closing the app if it launches unexpectedly. Keeping macOS and the Podcasts app updated, reviewing default app‑launch permissions, and using reputable security tools can further reduce risk. Users who remain uneasy can temporarily rely on alternative podcast apps while watching for official guidance or fixes from Apple.
> “The most concerning behavior is that the app can be launched automatically with a podcast of an attacker’s choosing,” notes macOS security expert Patrick Wardle, who says he reproduced the issue via a website that opens Podcasts without any user prompt.

> One recent user review summed up the concern about malicious redirections with a blunt warning: “Scam. How does Apple allow this attempted XSS attack?”

### Author’s summary

Anomalous auto‑launches and shady links in Apple Podcasts hint at a real but still experimental attack vector, pressing Apple to tighten app‑launch safeguards and URL handling.


MacWorld on MSN — 2025-11-28