We posted on the flaw yesterday as discovered by Jose Rodriguez. The procedure involved using Siri to initiate a Twitter search then using a 3D Touch gesture on contact information to bring up the Quick Actions menu. Tapping Add to Existing Contact brought up your full contact list and adding a photo to the contact brought up your entire photo library.
Apple has now blocked the ability to perform a Twitter Search without entering your passcode first. This resolves the security risk but may annoy some users who use that feature frequently.
Please follow iClarified on Twitter, Facebook, Google+, or RSS for updates.