BlackBerry has issued a security advisory notice to those who have bought its flagship Z10 touchscreen smartphone — the first BlackBerry 10 device to launch following the company's bid for revival, back in February.
The advisory, which was issued earlier this month, notes a bug that relates to BlackBerry Protect, its security and backup utility, rather than the phone's operating system itself.
According to the advisory, an escalation of privilege vulnerability exists in the software of some Z10 phones that could allow a malicious app to "take advantage" of weak permissions in the in-built security software. This could allow a hacker to gain access to the device's password, and to intercept and prevent a wipe of the device.
The "critical" factor is that the device's user could be duped into installing an app which resets the device password through BlackBerry Protect. Though the device may be in the user's hands, the device's data is under the control of the hacker.
Devices running BlackBerry 10 version 10.0.10.261 and earlier are affected by the critical bug, except version 10.0.9.2743. BlackBerry 7 and earlier users are not affected, and neither are those who.
BlackBerry said in the advisory that the bug is "not currently being actively exploited," but BlackBerry Z10 owners and IT administrators who deploy BlackBerry Z10 smartphones in an enterprise should update their devices as soon as possible.
Enterprise users can also set their BlackBerry Enterprise Server policies to mitigate any unauthorized access.