The problem stemmed from a line of code that was never intended for release. The flaw was fixed in an update posted for download on the firmware s review site earlier this week. More than 2,500,000 Android users have installed the free, third-party OS replacement to their phones. Attackers would have to gain physical access to phones with CyanogenMod installed and then access the swipe logs, stored locally on the device, according to the International Digital Times. Those users who have it installed can find the latest updates here and a fix for the swipe logging flaw.
Source: https://threatpost.com/cyanogenmod-fixes-flaw-logged-users-unlock-codes-102512/77153/