Sony does it again.

Well, if the rootkit wasnt enough for Sony to get into hot water, enter MediaMax. Another tool used by Sony to enforce DRM upon its customers. This time the software poses a MAJOR vulnerability allowing a hacker to take control of your PC.

Clipped from Geek.com

The old saying “once bitten, twice shy” is usually applied to people, but it can — and sometimes should — apply to companies as well. After Sonys well-publicized rootkit debacle, youd think the company would be walking as if on eggshells when it comes to heavy-handed ways to implement DRM on music CDs … but youd be wrong.

Sony issued a press release late last week disclosing a gaping security vulnerability in its other self-installing, little-known DRM kit, MediaMax 5. Never heard of it? Neither have most people, but apparently its installed by default if you play certain Sony/BMG CDs. It attempts to hide itself fairly well and restricts what you can and cant do with Sony music CDs. It also provides a wonderful way for malicious hackers to take control of your system remotely.

MediaMax, which is produced by the DRM software house Sunncomm, has issued a “patch” for this vulnerability, which was discovered after the EFF reviewed the Sunncomm software.

A report on the exploit (PDF) explains the dangers. For its part, Sony claims the update will be advertised within the Sony-sanctioned, DRM-enabled music player forcibly installed by the Sony/BMG CDs. Alternatively, users can go directly to Sunncomm for software updates

Leave a Reply

Your email address will not be published. Required fields are marked *