Sophos has reported a combination of vulnerabilties that can be used to perform a remote privilege escalation and gain unauthorised privileged access to the the device.  Details can be found here http://www.sophos.com/en-us/support/knowledgebase/119773.aspx . 

If automatic updating is enabled the fix should be applied without further intervention. 

Mark H