Notified: April 14, 2015 Updated: April 14, 2015
No statement is currently available from the vendor regarding this vulnerability.
We are not aware of further vendor information regarding this vulnerability.
According to the reporter, the Box Sync client may be vulnerable in certain circumstances if the user accepts an SSL prompt. CERT/CC has been unable to confirm this so far.