diff --git a/changelogs/fragments/11850-homebrew-cask-sudo-password.yml b/changelogs/fragments/11850-homebrew-cask-sudo-password.yml
new file mode 100644
index 0000000000..a4527645e7
--- /dev/null
+++ b/changelogs/fragments/11850-homebrew-cask-sudo-password.yml
@@ -0,0 +1,5 @@
+bugfixes:
+  - homebrew_cask - fix ``sudo_password`` failing when the password contains single quotes or
+    other special shell characters
+    (https://github.com/ansible-collections/community.general/issues/4957,
+    https://github.com/ansible-collections/community.general/pull/11850).
diff --git a/plugins/modules/homebrew_cask.py b/plugins/modules/homebrew_cask.py
index 7729c8c1bd..17020768cb 100644
--- a/plugins/modules/homebrew_cask.py
+++ b/plugins/modules/homebrew_cask.py
@@ -141,14 +141,16 @@ EXAMPLES = r"""
     greedy: true
 
 - name: Using sudo password for installing cask
+  # ansible_become_password must be set in inventory or group_vars; it is not populated by -K
   community.general.homebrew_cask:
     name: wireshark
     state: present
-    sudo_password: "{{ ansible_become_pass }}"
+    sudo_password: "{{ ansible_become_password }}"
 """
 
 import os
 import re
+import shlex
 import tempfile
 
 from ansible.module_utils.basic import AnsibleModule
@@ -476,14 +478,12 @@ class HomebrewCask:
         rc, out, err = "", "", ""
 
         with tempfile.NamedTemporaryFile() as sudo_askpass_file:
-            sudo_askpass_file.write(b"#!/bin/sh\n\necho '%s'\n" % to_bytes(self.sudo_password))
+            sudo_askpass_file.write(to_bytes(f"#!/bin/sh\necho {shlex.quote(self.sudo_password)}\n"))
+            sudo_askpass_file.flush()
             os.chmod(sudo_askpass_file.name, 0o700)
-            sudo_askpass_file.file.close()
 
             rc, out, err = self.module.run_command(cmd, environ_update={"SUDO_ASKPASS": sudo_askpass_file.name})
 
-            self.module.add_cleanup_file(sudo_askpass_file.name)
-
         return (rc, out, err)
 
     # /sudo_password fix --------------------- }}}