Originally Posted by Stiggles:
“So not controlled at all then!!
I think you're missing the point here. Its been cracked. Simple as that. Like any fingerprint scanner, it can be spoofed one way or another. Doesnt matter whether its easy or not.”
Of course it matters if it's easy or not.
The exploit that's been demonstrated requires you to have both the phone AND the owner's fingerprint, and enough time and the materials required to create the latex finger.
Okay, maybe if you have the phone you can get a workable fingerprint from somewhere on that phone. But you still need the materials. And you can't switch the phone off and come back to it later, because it'll ask for your passcode when you switch it back on. Meanwhile, if the owner notices it missing, they can put the phone in lost mode and/or wipe it remotely.
EDIT: For me, the biggest potential flaw is that Touch ID is completely optional, even when it's enabled. You can still choose to use the passcode instead. And, as the support document that you linked to mentioned, that's a less secure method if it's a four digit number. I've changed mine now to a longer alphanumeric code, given the convenience that Touch ID provides.