The Meltdown and Spectre CPU vulnerabilities: What you need to know as a Box customer

Community Manager

On Wednesday, January 3rd 2018, details of two CPU vulnerabilities, Meltdown and Spectre, were published.
Google’s Project Zero researchers demonstrated that security flaws could allow attackers to take advantage of speculative execution resulting in unauthorized actors potentially having access to sensitive information in the system’s memory such as passwords. 

At this time, we believe the Box service is not directly impacted, and we assess the risk as low.


We are continuing to monitor the situation and will update the Community page. You can learn more about Security at Box here.

Comments
Senior Member

Considering this issue impacts all operating systems and processors to varying degrees, how was it determined that there is no direct impact to the Box platform? Had systems already been patched prior to the early release of information regarding Meltdown and Spectre?

Community Manager

As an issue affecting the entire industry, we understand there are a lot of questions and moving parts as such we want to ensure our response is clear and without speculation. Therefore we've closed comments on this post for now. We will update this post with new information as we complete our review and as we are able. If you have specific inquiries regarding this issue, please contact your CSM or other Box Contact

Community Manager