No, the exploit has been patched as of firmware v1.4.1... (Note: current firmware is v1.4.2 which helps remove a couple of other theoretical attack vectors by forcing random starting numbers when entering PIN etc)

As far as I'm aware... there have been no known instances of this exploit "in the wild"... it was merely a "proof of concept" that was responsibly reported by the "15yr old kid" and was subsequently patched by Ledger.