
Apple doesn't compensate security researchers, so I am not disappointed or surprised. In fact, they just ignore people half the time.

If it was a bug in a Google product, you can bet that he would have coordinated his disclosure with a fix.



Totally agree with this. Apple really ignores most security advisories, and I am speaking from experience.


Just from looking at Apple’s security page, it’s pretty clear they don’t ignore security issues: http://support.apple.com/kb/HT1222. Organizations and researchers are even acknowledged in the release notes: http://support.apple.com/kb/HT4826.

Like a lot of things, Apple does things quietly and on their own schedule without a lot of hoopla.


Compensation is irrelevant - if you bothered to sniff around a specific vendor's security and you discover an exploit then you really should disclose it. Such is the lore of white-hatism.

Sure many don't do the above, but the OP author is presenting himself as white-hat/legitimate.

And as informed users, we should consider carefully giving our business to vendors who don't go out of their way to encourage private disclosure --- a zero-day on a vendor is a zero-day on all of its customers.


Sorry, but no. Compensation is highly relevant. Do you work for free? Or do you just not consider security research to be worth anything?

Although there are various opinions on the best way to disclose bugs, your view of what it means to be "whitehat/legitimate" is not actually consistent with the infosec industry, so please do not misuse the terms to throw judgments at others.

We can easily spin it the other way too after all - one could say that the largest, most profitable company in the world has a moral obligation to compensate those that are protecting their users where they failed to.

For reference: http://www.digitalbond.com/about-us/vulnerability-disclosure... http://erratasec.blogspot.com/2011/09/finally-responsible-di... http://www.securityfocus.com/brief/933 http://trailofbits.com/2009/03/22/no-more-free-bugs/


Yes I do work sometimes for free - it's called Open Source - and sometimes I see my labor implemented into commercial projects. That's fine by me. I take from the well more than I give to it.

I entirely agree that Apple should be compensating those that disclose exploits appropriately - I didn't say otherwise. But if you have a status quo where a vendor won't compensate and you have a zero-day opportunity, I say the appropriate thing is to inform the vendor first anyway (you can always disclose publicly if you get no response). I fight for the user and all that.

Disclosing it publicly zero-day doesn't make you any money anyway.



