
  Because we at SektionEins believe keeping the public in the dark about details of already fixed vulnerabilities is wrong...

  ...use our private jailbreak...
i.e. your undisclosed vulnerabilities bad, my undisclosed vulnerabilities are cool.

Useful analysis, but casting a marketing endeavor as a public service is rather disingenuous.



But maybe they'll share it with you if you book on their training course. Only EUR 4000!


What is a jailbreak worth these days... close to a million? So a training course for a few grand by someone capable of developing a jailbreak (on numerous occasions*) should be a well-spent educational investment, even if no unfixed vulnerabilities are shared (obviously, they won't be).


I'm pretty sure someone has already paid for the course and then released all the private exploits - https://twitter.com/search?q=from%3Ai0n1c%20pangu&src=typd


You seem to not understand the difference between "already fixed vulnerabilities" and a private jailbreak.


I understand the difference. I don't see the distinction. They know an unpatched vulnerability and if they haven't reported it to Apple, they don't own the moral high ground that would justify their smug public-interested belief.


In fact, as someone who lives and breathes in this ecosystem and gives talks on the ethics involved, I kind of want to argue the opposite: that by doing a play-by-play breakdown of a recent bug to the point of educating an attacker on how to exploit it, you increase everyone's danger and don't particularly increase their safety, while disclosing a bug being hoarded in a "just me and a ton of my close friends over a long period of time" (which is not how the groups who enjoy publishing public jailbreaks play the game) in a high-level way would actually do the opposite.



