A new exploit lurks on iOS - CYDIAPLUS.com



Saturday, 19 November 2016


A new exploit that requires careful timing and physical access to a device with Siri enabled on the lock screen gives attackers the opportunity to see contact information, including photos and message logs.

For this exploit to work, an attacker who has access to the device calls the phone and starts sending a message. The attacker then instructs Siri to activate the voice.

For the next steps, time is of the essence. Attackers should double tap on the contact information bar and keep the second tap on the bar, while immediately tapping on a keyboard that may or may not be invoked in time to make the exploit effective.

At this point, the attacker can type the first letter of the contact name and then press the button next to the contact information for more details on it. The phone stays locked throughout the attack.

It seems that the steps can be replicated, and the exploit is effective, on an iPhone SE, iPhone 6 Plus and iPhone 6S Plus, but not on an iPhone 7 or 7 Plus, probably because the keyboard invocation timing is a bit different. Moreover, several YouTube channels report that the attack is possible from iOS 8.0 and on all iPhone models.

The best way to avoid this attack is to disable Siri while the phone is locked, in the "Touch ID & Passcode" section of Settings, or to prevent physical access to the device. Some users have already reported the error to Apple.
