Hot on the heels of the recent Path address book controversy, a new bug has been found in iOS 5.0.1 , which could allow anyone to access information about your Address Book contacts, or even make FaceTime calls, even if your device is protected with a passcode.
In short, it works like this: If you’ve got your iPhone set to what are basically the highest security settings–passcode required immediately, as well as voice dial and simple passcode off–you can still make FaceTime calls through the iPhone’s emergency call feature using Voice Control.
Even if voice dialing is disabled, the feature can still be accessed by using the iPhone’s emergency call feature, intended as a safety feature to allow anyone to make 911 calls from any iPhone, whether it is locked are not.
While the voice calls won’t actually go through, you can still start a FaceTime call with anyone in the person’s address book as long as you know the first names of individuals in their address book (or guess them). If that person does not have FaceTime enabled, you can see their full contact name and their contact photo.
Apple will likely patch the issue with iOS 5.1, which many believe will be released alongside Apple’s iPad 3 announcement.