Skip to main content

#253 Update Available for Box Sync Vulnerability on Mac

February 10, 2015

Box has issued an update for Box Sync 4.x for Mac OSX to fix a security vulnerability that could allow an attacker to view sensitive data.

We strongly recommend that all users of Box Sync 4.x on OS X systems ensure that they have been auto-updated to version 4.0.6035. The version can be checked by opening the Box application, clicking Settings, and checking the version number in the lower left corner.

While there has not been an explicit mention of a corresponding Windows vulnerability in Box Sync, it is recommended that Windows users of Box Sync 4.x ensure that they are also updated to version 4.0.6035.

If the Box Sync application has not auto-updated to version 4.0.6035, it can be downloaded from:
https://upenn.app.box.com/settings/sync

NOTE: Users of Box Sync 3.x also may wish to update, but should be mindful of the advisories in this document:
https://support.box.com/hc/en-us/articles/200852697-Upgrading-from-Sync-3-to-Sync-4