So they get the exploit and fix it without paying the person who found it. These kinds of actions lead exploit finders to instead pursue rewards through the black market. Very sad indeed.