The security vulnerability affecting the company's flagship phone running the BlackBerry 10 operating system is in BlackBerry Protect, a security and backup utility, rather than in operating system itself, the company said.
In some early Z10 phones, a malicious app to could take advantage of weak permissions in the built-in security software, allowing a hacker to discover the device's password, ZDNet reported Tuesday.
The security flaw could trick the device's user into installing an app that resets the device password through BlackBerry Protect, putting the device's data under the control of the hacker, the company said.
Phones running BlackBerry 10 version 10.0.10.261 and earlier are affected, it said.
While BlackBerry said the bug is "not currently being actively exploited," it urged BlackBerry Z10 owners to update their devices to the latest version of the OS as soon as possible.