EFF: SunnComm MediaMax Security Vulnerability FAQ
What is the SunnComm MediaMax Security Vulnerability?

Certain audio compact discs distributed by Sony BMG contain a version of the SunnComm MediaMax software, which creates a serious risk of a “privilege escalation attack.” This new security vulnerability — different than the one reported in early November regarding Sony BMG CDs sold with software called XCP — affects all Sony BMG CDs that contain version 5 of SunnComm MediaMax software. According to Sony BMG, about six million CDs have this software.

In addition, Freedom to Tinker states the following:

iSEC, EFF, and SonyBMG issued a joint press release yesterday, announcing yet another serious security bug in the SunnComm MediaMax copy protection software that ships on many SonyBMG compact discs. (SonyBMG has recalled CDs that use another copy protection system, XCP, but they have not yet recalled discs containing MediaMax.)

As we’ve written before, the first time you insert a MediaMax-bearing CD into your Windows computer (assuming you have Windows autorun enabled, as most people do), MediaMax installs some software on your computer. Once this initial software is on your computer, you are vulnerable to the new attack. The gist of the problem is that MediaMax installs itself in a directory that anyone is allowed to modify, even users who otherwise run with heavily restricted security permissions. Any program that comes along can modify your MediaMax files, booby-trapping the files by inserting hostile software that will be run automatically the next time you insert a MediaMax-bearing CD into your computer. And because MediaMax is run with full administrator privileges, the hostile program gets to run with full privileges, allowing it to inflict any mischief it likes on your PC.

Much more at both locations.
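The flaw quoted above comes down to an install directory whose ACL lets unprivileged users write files that later run with administrator rights. As an added example (not code from EFF, Freedom to Tinker or the vendor), this Python function audits saved `icacls` output for that condition; the directory path, the sample ACL and the English principal names are constructed assumptions.

```python
import re

# Principals that include ordinary, unprivileged local users (English names; assumption).
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users",
         "nt authority\\interactive"}
# icacls inheritance markers, which are not access rights.
INHERIT = {"OI", "CI", "IO", "NP", "I"}
# Rights that let the holder replace or add files: full, modify, write, and the
# specific write-data / append-data / delete-child / change-ACL / take-ownership bits.
WRITE = {"F", "M", "W", "GA", "GW", "WD", "AD", "DC", "WDAC", "WO"}

ACE = re.compile(r"^(?P<who>[^:()]+):(?P<groups>(?:\([A-Za-z,]+\))+)$")

def writable_by_unprivileged(icacls_output, path):
    """Return [(principal, sorted rights)] for allow ACEs that let broad groups write."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.startswith(path):            # the first line carries the path
            line = line[len(path):].strip()
        m = ACE.match(line)
        if not m:
            continue                         # blank line or summary line
        groups = re.findall(r"\(([^)]+)\)", m.group("groups"))
        if "DENY" in groups:
            continue                         # deny ACEs grant nothing
        rights = set()
        for g in groups:
            if g not in INHERIT:
                rights.update(g.split(","))
        hit = rights & WRITE
        who = m.group("who").strip()
        if hit and who.lower() in BROAD:
            findings.append((who, sorted(hit)))
    return findings

# Constructed sample: placeholder path and ACL, not taken from any real install.
SAMPLE_PATH = r"C:\Program Files\ExampleVendor\Player"
SAMPLE = SAMPLE_PATH + r""" Everyone:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
    BUILTIN\Users:(I)(OI)(CI)(RX)
    NT AUTHORITY\Authenticated Users:(CI)(RX,WD,AD)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for who, rights in writable_by_unprivileged(SAMPLE, SAMPLE_PATH):
        print(f"{who} can modify files here: {', '.join(rights)}")
```

Any finding on a directory whose contents are launched with administrator privileges is the condition the quoted passage describes; the fix is to restrict write access to administrators and SYSTEM.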

Sheesh, even the patch has the same issues. This is ridiculous.

There is no reason for all this nonsense.

As Star Wars’ Master Yoda would say, “Do or Do Not. There Is No Try.”

I went to the store yesterday to get some DVD-R discs and had a choice as usual at the store of several name brands — normally I would have chosen the Sony DVDs since the pricing was pretty much the same, but I went with Memorex. I just couldn’t in confidence put my money into a Sony product as it stands right now.

Sad but true.

