It looks like BlackBerry had even more reasons for users to update to OS 10.2+. They were notified back in June if of last year about a buffet overflow vulnerability in devices that turn on developer mode. The overflow is in a process that runs as root so it could lead to rooting the device.
Either way BlackBerry asked the security researchers who found it to hold off on disclosing the issue. They were waiting for customers to update through carriers.
Check out the details in modzeros disclosure. My guess is we will hear something from BlackBerry soon.