Apple Podcasts tested by hackers. They attempt attacks using a popular app

Experts have noted "strange behavior" in the Apple Podcasts app. After taking a closer look, it turns out someone tried to use the program to attack Apple device users. Current information suggests that hackers are only testing various forms of attack, choosing podcast categories that attract less attention.

Apple Podcasts used for hacking attacks

404 Media reports that suspicious behavior has been observed in Apple Podcasts over the past few months. The app was launching recordings, even those from several years ago, some of which were silent. The titles of the recordings contain hidden links to other websites, and four of them have been identified:

1. 5../XEWE2'"""onclick… (this link redirected to a website used for XSS attacks);
2. free will, free willhttp://www[.]sermonaudio[.]com/rss_search.asp?keyword=free%will on SermonAudio;
3. Leonel Pimentahttps://play[.]google[.]com/store/apps/detai;
4. https://open[.]spotify[.]com/playlist/53TA8e97shGyQ6iMk6TDjc?.

The real issue is how the app behaves on macOS. Apparently, Apple Podcasts can play a recording chosen by a hacker without the user even knowing, as mentioned by security specialist Patrick Wardle:

Unfortunately, even after months of trying, Apple hasn't gotten back to us about a possible security issue with Apple Podcasts. Expert Joseph Cox, who published the reports, believes that, at least for now, the threat is not significant, and users of the program are aware of the risk, as shown by the ratings. Someone left a 1-star review on one of those recordings asking why Apple allows XSS attacks.

However, the situation may worsen over time. According to Wardle, hackers are just exploring the ground and the potential of Apple Podcasts for conducting other attacks. What's really worrying is that Apple hasn't said a word about this. Cox mentioned that they've ignored 5 emails on the topic, even though they usually reply to messages about other stuff.

• Apple
• hackers
• tech
• scams