TechyMag.co.uk

Apple Podcasts: Religious Content and Malicious Links Raise Security Alarms
Apple Podcasts: A Disturbing Pattern of Religious Content and Malicious Links Emerges

An unsettling pattern is unfolding within Apple Podcasts, suggesting a deliberate attempt to manipulate the platform. Over the past several months, users on both iOS and macOS have observed the app launching on its own and displaying religious, spiritual, and educational podcasts with no discernible logic behind the selection. In some instances, simply unlocking a Mac is enough to trigger the Podcasts app to open and present these odd selections.

Adding to the concern, at least one podcast page within the app links to a website that attempts to run injected script in the visitor's browser. The titles of these strangely surfacing podcasts are often nonsensical or look like injection probes, including examples like “5../XEWE2′»»&#x22 «onclic…”, “free will, free will on SermonAudio”, “Leonel Pimentahttps://playgooglecom/store/apps”, and “openspotifycom/playlist/53…”. Occasionally an Arabic podcast whose title translates to “Words of Life” appears, with a user's Gmail address in its listing. The audio content varies: some episodes are genuine sermons or religious discourse, while others are entirely silent. Many of these entries were published several years ago, yet they are inexplicably resurfacing now.

The Alarming Autonomy of the Podcasts App

Patrick Wardle, a security researcher at Objective-See, an organization specializing in macOS security, highlights the most concerning aspect: the app can be launched automatically with a podcast chosen by an attacker. Wardle reproduced similar behavior from a web page. Merely visiting a specific site caused the Podcasts app to open and load a pre-selected podcast. Crucially, unlike the usual macOS behavior when a web page tries to open another application (Zoom, for example), there was no warning prompt or permission request. This handoff is not a vulnerability on its own, but Wardle points out that it would be a highly effective delivery vector if a bug in the Podcasts app itself were found: an attacker would only need to get a victim to visit a page, with no click-through to confirm.

Adding to the frustration, users report that Apple has been unresponsive to their concerns for months. In the interim, Apple users are advised to treat unexpected podcast launches and unfamiliar show links with caution, since probing of the Podcasts app for ways to abuse it is already underway.

Unmasking the XSS Attack Vector

The podcast titled “5../XEWE2»»&#x22 «onclic…”, mentioned earlier, is particularly alarming. Its show page links to a website that attempts a cross-site scripting (XSS) attack. XSS is a technique in which attacker-supplied script is injected into a page served by an otherwise legitimate site, so that the victim's browser runs it with that site's origin and privileges. Although it is a well-understood and comparatively simple class of bug today, it was rampant a decade ago, most famously in the 2005 Samy worm on MySpace. The suspicious link resides in the “Show Website” section of the podcast's page and points to “testddvinua.” Visiting that URL produces a popup reading: “XSS. Domain: testddvinua.” The podcast itself is dated around 2019. User reviews from last month express bewilderment, asking how Apple permits such XSS vulnerabilities. Whether any of these specific attempts actually succeeded remains unconfirmed, but the extent of the probing indicates that malicious actors are actively investigating Apple Podcasts as a target, and this is not an isolated incident.
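The podcast title quoted above has the shape of an attribute-breakout probe: a stray quotation mark followed by an event-handler name such as onclick. The following is an added illustration, not code from the article or from Apple, of how such a title turns into a live event handler when a show page is built by string concatenation, and how output encoding plus a URL scheme allowlist stops it. The probe title and URL below are constructed for the example and are not the exact strings seen in the app; the attribute extractor is deliberately simplistic and only meant to make the difference visible.

```javascript
// Added example (not from the original article or from Apple).
// Demonstrates an attribute-breakout XSS probe against a podcast
// "Show Website" link rendered two ways: unsafely and with encoding.

// Constructed probe inputs, modelled on the title quoted in the article.
const probeTitle = 'Words" onclick="alert(document.domain)';
const probeUrl = 'javascript:alert(1)';

// Vulnerable renderer: untrusted title and URL are concatenated straight
// into HTML attribute and text context.
function renderLinkUnsafe(title, url) {
  return `<a href="${url}" title="${title}">${title}</a>`;
}

// Encode the five characters that can change meaning in HTML text or
// double/single-quoted attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[c]);
}

// Only http(s) links may become an href; javascript:, data: and
// unparseable values are replaced by a harmless placeholder.
function safeHref(url) {
  let u;
  try { u = new URL(url); } catch { return '#'; }
  return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : '#';
}

// Hardened renderer: scheme-checked href, encoded title in both contexts.
function renderLinkSafe(title, url) {
  const t = escapeHtml(title);
  return `<a href="${escapeHtml(safeHref(url))}" title="${t}">${t}</a>`;
}

// Toy attribute extractor for the <a ...> start tag. It is only good
// enough to show which attributes a browser would see; use a real HTML
// parser (or DOMParser in a browser) for anything serious.
function attributeNames(html) {
  const m = html.match(/^<a\s([^>]*)>/);
  if (!m) return [];
  const names = [];
  const re = /([a-zA-Z-]+)\s*=\s*"[^"]*"/g;
  let a;
  while ((a = re.exec(m[1])) !== null) names.push(a[1]);
  return names;
}

// Render the same probe both ways so the difference can be inspected.
function demo() {
  return {
    unsafe: renderLinkUnsafe(probeTitle, probeUrl),
    safe: renderLinkSafe(probeTitle, probeUrl),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const r = demo();
  console.log('unsafe attrs:', attributeNames(r.unsafe)); // href, title, onclick
  console.log('safe attrs:  ', attributeNames(r.safe));   // href, title
}
```

In the unsafe output the title's embedded quote closes the title attribute and the rest of the string becomes a genuine onclick handler, while the javascript: URL sits in href; in the safe output the quote is encoded, so the whole probe stays inert text inside one attribute, and the href collapses to a placeholder. The same encoding rule applies wherever a podcast title, author name or description is placed into markup, not just in links.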

This situation bears a striking resemblance to the spam incidents in Google Calendar a few years ago, where malicious actors covertly added events containing links or deceptive messages. The persistent nature of these issues across different platforms underscores the ongoing challenge of platform security and user protection in the digital age.
