@Phildude Re: So just switch to a strong password that's just numbers?
iOS devices only mentioned. But if we were to consider Android; if I enable "a passphrase" and I only use a numeric password; what does it present you with. If it's a full keyboard, then in this regard, iOS has it "correct for my usage model" (got fat fingers see, and a numeric keypad is better for that...).
Also, the article mentions that the brute force flaw bypasses the rate limiting and wipe device settings; I have my iPhone set to "wipe" after 10 attempts... By the time I got to the 7th or 8th failed attempt I was waiting ~2hrs for the next attempt (I tested this myself); so the back off delay you mention is already there and has been bypassed through use of this flaw.