From what I heard the government wanted Apple to do, I think the exploit is in two parts. First, Apple software updates do not require the screen lock code. They only require that the user ID and password for the Apple account be stored in the phone and that the settings allow automatic updates. Second, ten wrong guesses on the screen lock code wipes the phone. But if you stop the counter from counting, you can exhaust the possibilities in less than 24 hours if you have physical access to the phone. So, you send the phone a software update with the counter disabled, so it doesn't count. Then you try every possible lock code. QED, "quite easily done," as my Mathematical Economics professor used to say.
There are some skeptics who say that Apple doesn’t allow updates without the screen lock code. I believe this is incorrect. The FBI has the physical phone. According to the Internet documentation, you can update the Apple 5c by connecting it to an Apple computer and using Itunes. The screen lock code is not required.
Others objected that the lock codes would have to be entered through the touch screen of the phone manually. I don’t think that’s true either. Apple uses subcontractors to manufacture the screen hardware. The specifications are circulated to competing subcontractors. It would be relatively easy to simulate screen input on a phone you can physically take apart and rewire to an alternate input source.
Now Apple is suing the FBI to force the disclosure of how the Feds unlocked the Apple 5C phone. We do not need a lawsuit or a law. Apple did not give the FBI a way to open the phone. The FBI got