I small company I worked for once hired a programmer from Microsoft. He was a friend of one of the companies owners. When I was introduced to him, the co-owner bragged that he was so awesome, because he had brought the entire source code for Windows NT with him. I was aghast, and told him that we should have nothing to do with that, and that he shouldn’t even bring that hard drive into the office. The co-owner didn’t understand my concern - he thought it was great that we could use that code base to make out product more efficient.
The NPR show in the OP explicitly mentioned that what happened was completely legal. So, if they did have C source it must have been open source. Getting hold of proprietary source by some nefarious means, then selling an exploit you discover, would absolutely not be legal.
Sounds similar but I’m not sure it’s the same. The vulnerability was used to create a jailbreak exploit, and the buyer was a Chinese group that wanted to launch their own app store so they could make massive amounts of money by selling apps for jailbroken phones. There is a huge population of jailbroken phones in China so this kind of gray-market app store is incredibly lucrative. There was one group willing to pay $1 million for such an exploit.
There was a case involving convictions of several people who sold proprietary source code. One of the convicted was a high school classmate of mine. The guy your company hired was incredibly stupid, almost as stupid as the co-owner.
(Another classmate was Ana Montes, a convicted spy. I had a very notorious high school class.)