Sony has again been outed for including questionable software on its music CDs, after it emerged a security vulnerability in content protection software shipped on some of its disks could allow consumers’ PCs to be hijacked

The consumer electronics and media giant, together with the Electronic Frontier Foundation, said today that SunnComm had released a security update for its MediaMax Version 5 content protection software, which ships on “certain Sony BMG CDs”.

The vulnerability was uncovered by iSEC Partners in an examination at the behest of the EFF. A list of affected titles and links to the patch can be found at the EFF’s website, here.

After the beating it took following last month’s DRM rootkit debacle, Sony has wasted no time coughing to the latest problem and wrapping itself up in the EFF flag. No doubt it has also ordered extra sackcloth and ashes to show just how sorry it really is.

It might need them, as the EFF is pointing out “other severe problems with MediaMax discs, including: undisclosed communications with servers Sony controls… undisclosed installation of over 18 MB of software regardless of whether the user agrees to the End User License Agreement; and failure to include an uninstaller with the CD.”

Sony is not alone in shipping the MediaMax software. Around 30 other labels use it, according to the EFF, which is checking to see if the same vulnerability exists on those labels' titles.®

Related stories

• How fat is my DRM? (20 December 2006)
• Sony 'rootkit' settlement clamps down on DRM (29 December 2005)
• Sony BMG 'diligently re-evaluates' CD anti-piracy tech (12 December 2005)
• Intel readies rootkit- rooting hardware (9 December 2005)
• SonyBMG backtracks on buggy bug fix (9 December 2005)
• Opinion EFF volunteers to lose important suit over Sony 'rootkit' (6 December 2005)
• Sony's DRM woes worsen (30 November 2005)
• Sony fiasco: More questions than answers (23 November 2005)
• Analysis Sony unsinged by rootkit CD fiasco (22 November 2005)
• Updated Gaffer tape defeats Sony DRM rootkit (21 November 2005)
• Sony's CD rootkit infringes DVD Jon's copyright (18 November 2005)
• Sony DRM uninstaller 'worse than rootkit' (17 November 2005)
• Sony pulls rootkit DRM CDs (16 November 2005)
• Sony rootkit DRM: how many infected titles? (15 November 2005)
• Sony suspends rootkit DRM (12 November 2005)
• Sony BMG faces digital-rights seige (11 November 2005)
• Mac anti-rip code surfaces on Sony BMG CD (11 November 2005)
• Sophos develops Sony DRM unmasking tool (10 November 2005)
• Sony hit by lawsuits over root kit (10 November 2005)
• First Trojan using Sony DRM spotted (10 November 2005)
• Hidden DRM code's legitimacy questioned (3 November 2005)
• Updated Sony to offer patch for 'rootkit' DRM (3 November 2005)
• Removing Sony's CD 'rootkit' kills Windows (1 November 2005)