You don't even need to find a whole 0day, you can find step 3 of 14.

Just dump it anon or sell it, don't even try to claim a bounty or get a cve. Without elaborating, they will make sure you regret it

Same goes for games. If you find RCE, report it and move on. If it remains unfixed let a journalist know. Do NOT accept their invite to the studio, they want to have you arrested. Would have happened to me were it not for one dude with a conscience at the company warning me not to go

Now iOS 0-day is worth up to $2,000,000 on gray market so Apple kind a take it seriously.