On Wednesday, January3rd2018, details of two CPU vulnerabilities,Meltdown and Spectre, were published. Google’s Project Zeroresearchers demonstrated that security flaws could allow attackers to take advantage of speculative execution resulting in unauthorized actors potentially having access to sensitive information in the system’s memory such as passwords.
Box is applying patches where relevant to our infrastructure. At this time, we believe the Box service is not directly impacted, and we assess the risk as low. Though the underlying CPU and OS combination in our infrastructure may be affected by these vulnerabilities, the Box service is a closed system that does not allow customers to run custom code against our underlying infrastructure.
We are continuing to monitor the situation and will update theCommunity page. You can learn more about Security at Boxhere.