Sony Patch is Insecure

Sarah Perez on December 9th, 2005

Cd_locked_6
Could it get any worse for Sony? After all the problems with the discovery of their DRM rootkits, it now comes out that their patch isn’t secure either!

Via BetaNews: Just one day after jointly announcing a patch to correct a security flaw in the SunnComm MediaMax copy protection included on 27 CDs, Sony BMG and the Electronic Frontier Foundation are urging users not to install it. The update includes a vulnerability similar to the one it attempted to fix. SunnComm’s MediaMax version 5 software does not properly protect a directory it installs, opening the door for a privilege escalation attack. Thus, a restricted user account could replace the executables within the MediaMax directory with malicious code, which would then be executed by an administrator upon inserting a CD.

Uncategorized Add to del.icio.us  Digg This Subscribe to RSS feed
Add to Mixx!
Follow the conversation at YackTrack!