IIRC most of these bugs arise because of things that should be available while the device is unlocked: the dialler and camera for example. Camera is supposed to restrict gallery access and the dialler is supposed to only permit emergency calls. I'd expect that every app trusted with running while the device is locked will have these bugs as Apple goes forward too.

The bugs seem to a bit more nuanced than just testing for a locked device; the attacks seem to rely on performing actions simultaneously to exploit race conditions much like weird glitches in games. This class of bugs is really hard to test for due to the large search space. Model checking might offer a solution, but it's not a magic bullet by any means.

Speaking of games, that's exactly what the humble games tester spends a good chunk of time doing: uncovering bugs by coming up with weird things to try, like spamming input at unexpected moments.