On Wednesday, January 3rd 2018, details of two CPU vulnerabilities, Meltdown and Spectre, were published. Google’s Project Zero researchers demonstrated that security flaws could allow attackers to take advantage of speculative execution resulting in unauthorized actors potentially having access to sensitive information in the system’s memory such as passwords.
At this time, we believe the Box service is not directly impacted, and we assess the risk as low.
We are continuing to monitor the situation and will update the Community page. You can learn more about Security at Box here.