I wonder if this was in response to a major hardware security breach? Does that mean that devices released before the patch are now vulnerable?
It's not a patch. It is changed hardware.
You are NOT vulnerable at all if you use an 8 digit passcode. Every attempt to check a passcode takes 80 milliseconds, and that time cannot be shortened. An 8 digit passcode has 100 million combinations, trying them all at 80 milliseconds per attempt takes 8 million seconds = over three months, and before that someone must steal your device, buy very expensive hardware for an attack, break every other protection on your device. It's not something your random hacker on the street can do. It's what the NSA, or GCHQ, or whatever the successor of the KGB is, or the Chinese can do.
And compare this to what happened elsewhere: TWO companies selling "secure communications" software mostly to criminals have been completely, totally, absolutely hacked by Interpol. In the first case, European police has _every single message_ sent with this "secure communications" app sent by about 50,000 criminals. Without having any of those devices in their hands.