(More) Security Issues With Sony BMG CDs

A matter of weeks after a recall program for Sony BMG’s “rootkit” XCP technology was put into place, security holes have been found in another protection scheme used by the company.

Reportedly, SunnComm’s MediaMax (the system the more invasive XCP was due to replace) installs binaries on the system with insecure file permissions that let local users gain privilege on systems with MediaMax installed.

The vulnerability was outlined in a report published by the Electronic Frontier Foundation (EFF) as part of its class-action lawsuit against Sony BMG, which seeks damages for consumer complaints regarding MediaMax, as well as the more controversial XCP.

Sony BMG were already in one wicked mess over XCP, with the State of Texas seeking damages against the company of $100,000 for each XCP-infected system. Now, reports of vulnerabilities in MediaMax may be used as ammunition to further consumer complaints against that controversial system as well.