Malwarebytes released a report on GrayKey – a device capable of breaking 4 and 6 digits long PINs on iPhones. After the iPhone is unlocked, the full contents of the filesystem are downloaded to the GrayKey. From there, they can be accessed through a web-based interface on a connected computer, and downloaded for analysis. The full, unencrypted contents of the keychain are also available for download.
The full report is available here: Malwarebytes Blog
From what I’ve gathered so far, it seems that all iPhones (even the newly released iPhone X) are vulnerable at the moment. Apple is yet to release a statement on the report.
GrayKey is being developed by Grayshift, a new company on the security market established by a group of former intelligence agency operatives and Apple engineers. Their website is not the greatest source of information but this might change in the future: https://grayshift.com/ (automatically redirects to https://graykey.grayshift.com/)
GrayKey is available for purchase with prices starting at $15,000 (300 uses). The full version with unlimited uses costs $30,000.