As for Apple, they have no obligation to do anything.
I don't know whether that's true legally here, but if it is, I don't think it should be.
If they provided devices with a factory reset that let someone unlock them, even if it meant locking out any older data, then maybe.
If they sold them with prominent warnings about how they could be rendered permanently useless in this sort of situation, maybe.
But they don't do those things. They deliberately lock the device to an authentication mechanism over which they have exclusive control under these conditions. If you're going to do that, and you're not going to warn people about it so they can make an informed decision about whether they want to buy a product with that limitation in the first place, then I think you do bear some responsibility for ensuring that the recovery mechanism operates reasonably.
I don't know whether that's true legally here, but if it is, I don't think it should be.
If they provided devices with a factory reset that let someone unlock them, even if it meant locking out any older data, then maybe.
If they sold them with prominent warnings about how they could be rendered permanently useless in this sort of situation, maybe.
But they don't do those things. They deliberately lock the device to an authentication mechanism over which they have exclusive control under these conditions. If you're going to do that, and you're not going to warn people about it so they can make an informed decision about whether they want to buy a product with that limitation in the first place, then I think you do bear some responsibility for ensuring that the recovery mechanism operates reasonably.