EFF forces Sony/SunnComm to fix its spyware — UPDATED

EFF commissioned a research firm to investigate security vulnerabilities caused by the SunnComm MediaMax spyware, which Sony has included on some 50 CDs, and forced the companies to release a fix for the vulnerabilities:


The security issue involves a file folder installed on users' computers by the MediaMax software that could allow malicious third parties who have localized, lower-privilege access to gain control over a consumer's computer running the Windows operating system.

SONY BMG will notify consumers about this vulnerability and the update through the banner functionality included on the player, as well as through an Internet-based advertising campaign. The update is also being provided to major software and Internet security companies. EFF and SONY BMG urge all consumers who receive notice to download and install the patch immediately. In accordance with standard information security practices, EFF and iSEC delayed public disclosure of the details of the exploit to provide SunnComm the opportunity to develop an update.

(Thanks, Fred, Matt and Guillaume!)

Update: Sony blew the uninstaller — it leaves your computer even worse off than the MediaMax does. Christ, they just suck, huh?

Previous installments of the Sony Rootkit Roundup: Part I, Part II, Part III, Part IV

(Cool Sony CD image courtesy of Collapsibletank)