What they have managed to do, is to prove that the SMS service on an iPhone most likely have root access. They build this prof on the fact that code sent through an SMS has crashed their iPhone without the users involvement.
The reason they're coming out with their warning is because they fear someone could use this exploit for worse things than just an annoying crash, such as installing software for surveillance(location, video and voice access) or the buildup of a botnet using iPhones.
As for Apple I expect they will say it's unlikely someone will use the exploit and won't fix it until after the first real attack is documented, instead of now when they got the warning.