The exploit works when the phone in question is locked, meaning that even if you passcode protect your phone it remains open to the bug. This has been confirmed across various sources, and has been reported to Apple.
The exploit works on both jailbroken and stock iPhones. The security hole stems from the ability to make an fake emergency call, then hit the sleep button while on said call, the action of which will then serve you the device’s contact list. From there it is possible to initiate a phone call. Upon its termination you will be returned to the locked screen.
Some users are also reporting that they are able to access email on their devices alongside the phone contact list, leaving another set of information open for compromise with the security hole in place. For a more detailed breakdown of how to get past the iPhone’s security please go here; we are not inclined to spread the formal details farther than required for awareness.
What should you do? Update your iPhone as frequently as possible over the coming week to ensure that when Apple does roll out a fix your phone will catch the patch quickly. When Apple does release the update, we will alert you of it.
Until then, hold onto your iPhone with a tighter grip.