
iOS 3 was "instant bypass". iOS 4/5 on everything up to the iPad 2/iPhone 4S was still device-bound, at 4-10 tries/second, but the backoff and wipe logic could be bypassed.

There are no public ways to extract from the newest devices on iOS 5 or 6, except for a few corner-case bugs (which were limited, and patched).

Plenty once you jailbreak the phone, or compromise a paired device. I believe the best practice among public attacks is to do that. There are probably various exploits in iOS itself which let you root phones remotely. Beyond that, either secret attacks or hardware attacks, or figuring out how to get the phone to boot from one ramdisk while talking to the security element from before (which is trivial if you can sign stuff as Apple, and may actually be possible otherwise.)


