If your iPhone or Mac starts acting obsessive — especially if the Apple Podcasts app keeps popping up on its own and playing random shows you’ve never heard of — you’re not crazy.
Users have been reporting this for months. One moment their device is idle, the next the Podcasts app launches and loads bizarre, obscure shows. These aren’t top chart hits; These are often random religious sermons, empty audio files, or shows with titles full of gibberish code.
Ghost podcasts and autostarts
Security researcher Patrick Wardle dug into it and found something disturbing: a website can force your Podcasts app to open and load any show the site owner wants, all without asking you for permission. On a Mac, most apps ask for a web link before launching (like Zoom), but Podcasts appears to skip this security check entirely.
Even sketchier? Some of these “ghost” podcasts contain links in their descriptions that attempt to execute malicious code (called an XSS attack) or redirect you to fraudulent websites.
Why it matters: Vulnerabilities
The scary thing isn’t really the strange podcasts themselves; This is how they get there.
The fact that an outsider can remotely trigger an app on your phone or laptop to open and load certain content without you touching anything is a major security risk. Wardle points out that this isn’t a complete “hack” of your device, but rather a wide-open door that shouldn’t be there. It essentially turns the Podcasts app into a delivery system for scams or malware.
Think of it like the old “Google Calendar spam” problem, where random events with dubious links would show up in your calendar. This is the same concept, but it happens in an app that you probably implicitly trust. If attackers find a deeper crack in the app’s code, they could use this autostart trick to cause serious damage.
What’s next: Will Apple fix the problem?
Here’s the frustrating part: Apple hasn’t said a word. Although this has been happening for months and researchers have been sounding the alarm, there has been no public acknowledgment and no solution.
Security experts believe that malicious actors are currently “scrutinizing” the system – essentially testing the fences to see what they can miss. Be skeptical until Apple closes this loophole. If your Podcasts app opens uninvited, don’t pry. Close it immediately and definitely do not click on any links in these strange show notes.
