Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Sony creates another vulnerability

Sony creates another vulnerability

by Nikola Strahija on December 4th, 2005 Sony is once again in the spotlight for including questionable software on its music CDs, after it became clear that a security vulnerability in content protection software shipped on some of its disks could allow consumers’ PCs to be taken hostage.


Sony and Electronic Frontier Foundation recently said that SunnComm had released a security update for its MediaMax Version 5 content protection software, which ships on ‘certain Sony BMG CDs’.

According to the EFF, the vulnerability centres on a file folder installed by the MediaMax software shipped on some Sony CDs, ‘that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer’s computer running the Windows operating system.’

The vulnerability was uncovered by iSEC Partners.Tthe EFF is pointing out ‘other severe problems with MediaMax discs, including: undisclosed communications with servers Sony controls… undisclosed installation of over 18 MB of software regardless of whether the user agrees to the End User License Agreement; and failure to include an uninstaller with the CD.’

Sony is not alone in shipping the MediaMax software. Around 30 other labels use it, according to the EFF, which is checking to see if the same vulnerability exists on those labels' titles.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »