AntiOnline – Sony BMG: Don’t install that patch!:
Just one day after jointly announcing a patch to correct a security flaw in the SunnComm MediaMax copy protection included on 27 CDs, Sony BMG and the Electronic Frontier Foundation are urging users not to install it. The update includes a vulnerability similar to the one it attempted to fix.
SunnComm’s MediaMax version 5 software does not properly protect a directory it installs, opening the door for a privilege escalation attack. Thus, a restricted user account could replace the executables within the MediaMax directory with malicious code, which would then be executed by an administrator upon inserting a CD.
white pebble 