Someone is using Apple's iPhone Podcasts app as a potential attack vector for malicious activity, but the severity of the issue is currently unclear.
The issue appears to be that someone has found a way to launch the Podcasts app without user input. It's reported that the problem affects both the iPhone and Mac, and Apple has yet to offer any explanation as to how the app is being opened.
The problem was first reported by 404 Media's Joseph Cox, who says that he sometimes unlocks his Mac only to find the Podcasts app running with seemingly random podcasts open.
More worryingly, the podcast's name or description sometimes includes a suspicious link that has the potential to be malicious.
Patrick Wardle, a macOS security expert, has been able to replicate the behavior through a website. Simply visiting the website causes the Podcasts app to launch, and there's nothing the user can do to stop it.
That's unusual in itself, because macOS normally requires that a user give web browsers permission to open apps. In this instance, no prompt for user approval appears.
How to protect yourself
While a self-launching Podcasts app is more irritating than dangerous, the links found in podcast titles or show notes could be more problematic. As Cox notes, one link he was shown by the Podcasts app could have allowed malicious code to be injected into a real website via a cross-site scripting attack.
"Whether any of those attempts have worked remains unclear," Wardle warned. "The level of probing shows that adversaries are actively evaluating the Podcasts app as a potential target."
Interestingly, Cox says that his requests for input from Apple have so far gone unanswered, despite the company answering questions about unrelated stories during that time.
This is the first time that we've heard about this kind of Podcasts behavior, suggesting the issue isn't a widespread one. And we certainly haven't experienced anything similar here at AppleInsider.
However, we suggest not clicking any links that appear in podcasts that you don't know or trust, regardless of your choice of app.
Thankfully, it's highly unlikely that your favorite podcasts will include problematic links or cause the Podcasts app to open without your knowledge. Cox suggests that the problematic podcasts are not ones he subscribed to.
If you do find that the Podcasts app is open with an unknown podcast selected, we suggest that you avoid clicking anything other than close. We'd also love to hear from anyone who experiences this issue.






