Sony BMG issued a joint announcement with the EFF yesterday that a new security vulnerability had been identified in Sony BMG’s other DRM software, MediaMax, and that a patch was available. The vulnerability has been known for a while but not publicly disclosed until SunnComm was able to create the patch, which can be downloaded from Sony’s site. If you have played any of the CDs listed on Sony’s site, you should probably download the patch. Users who play the CDs will get prompted through a banner displayed in the MediaMax software to download an upgrade.
For those of you just joining us, this is not the DRM package containing the rootkit and all the code stolen without attribution from various open source projects; it’s the other one. Just wanted to set that straight.
Thanks to Mike for pointing out this latest development in the comments last night. There’s a pretty active discussion thread on Slashdot around it right now too.
For the record: I’m certainly glad that Sony BMG is getting more on top of this, with quite a lot of prodding from the EFF. But the EFF shouldn’t have to prod. Sony BMG shouldn’t be getting any praise for doing what they are supposed to be doing as a responsible company.