SunnComm's MediaMax copy protection, used on some Sony BMG music CDs and those of other publishers, also has a serious security flaw, also has an official patch available, and the patch also causes problems. Specifically, the patch is vulnerable to the same flaw it's trying to fix, according to researchers. Sony has already pulled CDs with the XCP copy protection (though has not offered compensation to those already affected), but has not yet recalled CDs with MediaMax. Combined with the finding that MediaMax installs itself even if you decline the end user license agreement that pops up when you stick an affected music CD in the drive, this is another very serious problem.

MediaMax is on far more CDs than just a handful of Sony BMG releases, including many dozens from other publishers. I hope a new list of these affected titles is released very soon.

The flawed patch was accompanied by a joint press release with the EFF, who had filed suit to bring attention to MediaMax problems while XCP was getting all the attention. It appears the patch was developed with the cooperation of several third-party security firms (mentioned in the press release). The flaw in the patch is being presented by Dr. Felten's research team.