Well, if the rootkit wasn't enough to get Sony into hot water, enter MediaMax, another tool used by Sony to enforce DRM upon its customers. This time the software poses a MAJOR vulnerability allowing a hacker to take control of your PC.
Clipped from Geek.com
The old saying “once bitten, twice shy” is usually applied to people, but it can — and sometimes should — apply to companies as well. After Sony's well-publicized rootkit debacle, you'd think the company would be walking as if on eggshells when it comes to heavy-handed ways to implement DRM on music CDs … but you'd be wrong.
Sony issued a press release late last week disclosing a gaping security vulnerability in its other self-installing, little-known DRM kit, MediaMax 5. Never heard of it? Neither have most people, but apparently it's installed by default if you play certain Sony/BMG CDs. It attempts to hide itself fairly well and restricts what you can and can't do with Sony music CDs. It also provides a wonderful way for malicious hackers to take control of your system remotely.
MediaMax, which is produced by the DRM software house Sunncomm, has issued a “patch” for this vulnerability, which was discovered after the EFF reviewed the Sunncomm software.
A report on the exploit (PDF) explains the dangers. For its part, Sony claims the update will be advertised within the Sony-sanctioned, DRM-enabled music player forcibly installed by the Sony/BMG CDs. Alternatively, users can go directly to Sunncomm for software updates.