Kitsap Peninsula Business Journal
4-8-2006
Security questions remain in new Sony BMG security patch
Previous patch for SunnComm MediaMax had separate vulnerability
Sony BMG has released a second patch to correct the security vulnerability in its compact discs released with SunnComm MediaMax software Version 5 — a flaw that affects millions of CDs in the U.S. and Canada. The first patch had a flaw of its own, which was discovered by researchers Ed Felten and Alex Halderman. Security researchers are now reviewing the new patch.

Sony has been under fire for using two software technologies — SunnComm MediaMax and First4Internet’s Extended Copy Protection (also known as XCP) — which Sony BMG claims to have placed on the music CDs to restrict consumer use of the music on the CDs. However, by including the flawed and overreaching programs in millions of music CDs sold to the public, Sony BMG has created serious security, privacy and consumer protection problems.

The vulnerability in SunnComm MediaMax version 5 was initially discovered by security firm iSEC Partners after the Electronic Freedom Foundation (EFF) requested an examination of the software. The flaw defeats Windows’ security measures and allows malicious programs, such as viruses and Trojans, to take control of users’ computers.

EFF, along with two law firms, filed a class action lawsuit last month against Sony BMG that included claims arising from SunnComm CDs as well as those using First4Internet XCP software.

For a list of CDs affected, visit www.sonybmg.com/mediamax/titles.html. Frequently Asked Questions About SunnComm MediaMax can be found at www.eff.org/IP/DRM/Sony-BMG/mediamaxfaq.php.