What's in a hack?
Really, getting a message past a spam filter to trick a user into going to a custom crafted website just to gain access the contact list? it can't gain admin access, it can't install remote code, it can't be remotely controlled to do anything, it can't access e-mail or the user local file system where data of VALUE is; these hacks are just pointing out exploits but even these top hackers and teams of hackers can't use an automated tool to remotely breach actual device security.
Who cares if my contact list gets siphoned off... It;s e-mail addresses, physical addresses, names and numbers. 99% of that is already floating around out there anyway (much of it and more in PUBLIC record). If you;re storing account numbers and password and such in your contacts, or sending them through unsecured SMS, you;re already a moron.
When they can have a bot install remote code and key-log the iPhone's virtual keyboard, or access the files in local storage, we'll call them winners.
I applaud the effort for finding these vulnerabilities, even more so that it's done with specific intent to provide the manufacturer's time to fix them, and with this contest and ones like it to continue, but lets not let the press blow things out of proportion here... Its far easier to get a virus into an android device simply by uploading it through the marketplace than it is to steal some names and numbers here through actual hacking and trickery... The encrypted parts of the iPhone have NEVER ONCE been breached, permission escalation has never been achieved, and remote code installation equally so. The only real "hacK' of these things ever shown was either given PHYSICAL access to it, or used a loophole in a jailbreak that left SSH Server running with a default published root password (oops).