by pweezy 2461 days ago
The article makes repeated mentions of the lack of persistence (rebooting the phone removes the exploit), suggesting this makes it very little of a security threat.

However, most people reboot their phone very rarely: the occasional software update a couple times a year; if the battery runs out (which people usually go to pains to avoid); or for some people, to try to fix a misbehaving phone.

The exploit does require physical access to the phone for a few minutes. But in situations where that can happen, and the owner doesn't have the suspicion or knowledge to reboot, I think an exploit could easily run for one or several months.

Paired with enough clever software modifications made possible by the jailbreak (like a lock screen that collects passcode input), a malicious instance of this could do plenty of damage.

2 comments

I think more practical concerns are cases of forced seizure by the government. The easier it is to access private data against someone’s will, the more often it will happen.

If your device tells you that you are required to enter your passcode (instead of having biometric authentication available) at a time when you have not just rebooted the device yourself, that would be your clue that something unusual is going on.

At which time you simply need to reboot the device yourself to clear anything made possible by this particular boot ROM bug.

iOS requires users to enter their passcode every week so they don't forget it.