If you need to send more than 2^68 bytes of data, you've got bigger problems than your crypto breaking.

You're assuming a correct implementation with a 64-bit counter, though.

Yes. I'm also assuming people have correct implementations of AES.

I have never exploited an incorrect implementation of an AES core in a real application, but have exploited "broken" counters.