It's interesting you have to go back to 2013 to find something.

1. There's actually nothing here to suggest this was done as part of project zero or any part of tavis's job. In fact, this was before project zero even existed, AFAIK.

2. He published details about it in march (O(60) days), as he said. It was still a security bug then, just missing a working exploit.

3. This thread produced a working exploit.

I'm gonna go with "either unrelated or fair".

Unrelated if it wasn't done by Tavis as part of his job, and fair if it was given the timeline and disclosure policies that existed at the time.