Security considerations when updating settings from a remote system
The Oracle VM Virtual Box Extension Pack provides additional features and must be downloaded and installed separately, see Section1.6, “Installing Oracle VM Virtual Box and Extension Packs”.
As for the base package, the SHA256 checksum of the extension pack should be verified.
Enabling CD/DVD passthrough enables the guest to perform advanced operations on the CD/DVD drive, see Section5.9, “CD/DVD Support”.
This could induce a security risk as a guest could overwrite data on a CD/DVD medium.
The guest cannot communicate directly with the hardware or other computers but only through the VMM.Some setups do not require a VM to be connected to the public network at all.Internal networking, see Section6.6, “Internal Networking”, or host-only networking, see Section6.7, “Host-Only Networking”, are often sufficient to connect VMs among each other or to connect VMs only with the host but not with the public network.As a consequence, the shared clipboard is disabled for new machines.If any host folder is shared with the guest then a remote user connected to the guest over the network can access these files too as the folder sharing mechanism cannot be selectively disabled for remote users.