BlackBerry recently issued an advisory warning of a privilege escalation vulnerability affecting BlackBerry Z10 smartphones, which the company says is not being actively exploited (h/t The H Security).

The vulnerability could allow an attacker to take advantage of weak permissions in the BlackBerry Protect service to (1) access the device password if a remote password reset command has been issued through the BlackBerry Protect Web site, and (2) prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe.

With physical access to the device, an attacker could then unlock it, access it over a USB tether to transfer data, enable development mode, and/or change the device password.

BlackBerry Z10 users are advised to protect their devices by updating to the latest version of the BlackBerry 10 OS, version 10.0.10.648.