December 6, 2005 | By Fred von Lohmann

Another Sony-BMG Security Vulnerability Discovered

EFF and Sony-BMG today announced the existence of a new security vulnerability that affects Sony-BMG CDs that include SunnComm MediaMax Version 5 copy protection software. The vulnerability was discovered by the security firm iSEC Partners after EFF requested an examination of the SunnComm software.

For more on the vulnerability, including whether you might be affected, see EFF's FAQ on it. Sony-BMG and SunnComm have released a patch that affected users should install immediately.

This security vulnerability is distinct from and affects different CDs from the one reported in early November in connection with the First4Internet XCP software. Sony-BMG has disclosed a full list of the 27 CDs that include the SunnComm MediaMax Version 5.

UPDATE: A further security vulnerability has been reported that afflicts MediaMax and Sony-BMG's patch. As a result, we are recommending against use of the patch until this new vulnerability is addressed.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

Celebrate the 4th by giving to EFF! We're fighting to stop mass surveillance in the US and worldwide. https://eff.org/EFF25

Jul 4 @ 5:36pm

A deep dive into XKEYSCORE, one of the NSA's creepiest spying tools: https://eff.org/r.c6hp

Jul 3 @ 3:12pm

Come to EFF HQ on July 8 for a book talk with author of "Geek Heresy: Rescuing Social Change from the Cult of Tech" https://eff.org/r.i3fv

Jul 2 @ 4:57pm
JavaScript license information