The problem is Apple could claim, "In our app verification process we can ensure such an exploit could never make it to the app store." The only way to test the full-scope of a vulnerability is to test it in a real world scenario, which means keeping it from Apple.
Unfortunately, I know of no other way to do it, unless companies like Apple create security groups that work with people like Charlie and give him an exemption to submit, and not notify other parties at Apple.
If that's the problem, it's a different problem. If I'm reading the article right, he did submit the exploit, companies like Apple do have channels to receive and respond to vulnerabilities and to credit people who find and report them. There's nothing in the information released so far on this that suggests he was, in fact, facing such a problem.
Unfortunately, I know of no other way to do it, unless companies like Apple create security groups that work with people like Charlie and give him an exemption to submit, and not notify other parties at Apple.