Update: The Meltdown and Spectre CPU vulnerabilities: What you need to know as a Box customer

Community Manager

On Wednesday, January 3rd 2018, details of two CPU vulnerabilities, Meltdown and Spectre, were published.
Google’s Project Zero researchers demonstrated that security flaws could allow attackers to take advantage of speculative execution resulting in unauthorized actors potentially having access to sensitive information in the system’s memory such as passwords.


Box is applying patches where relevant to our infrastructure. At this time, we believe the Box service is not directly impacted, and we assess the risk as low. Though the underlying CPU and OS combination in our infrastructure may be affected by these vulnerabilities, the Box service is a closed system that does not allow customers to run custom code against our underlying infrastructure.


We are continuing to monitor the situation and will update the Community page. You can learn more about Security at Box here.