Apple Podcasts flaw allows apps to launch without user approval
Apple Podcasts users are affected by a security vulnerability that allows the app to launch automatically and direct them to potentially malicious podcasts without any user interaction or approval, according to a report published today by 404 Media.
Apple Podcasts has been behaving unusually, randomly opening spirituality and religion podcasts, some of which direct users to potentially malicious websites. Security expert Patrick Wardle noted that the app can be launched automatically with a podcast of an attacker's choosing, creating a delivery mechanism for attacks if a vulnerability exists. One podcast attempted a cross-site scripting attack, redirecting users to a site that displayed a pop-up with 'XSS. Domain: test.ddv.in.ua'. Apple has not responded to requests for comment on the issue.