it's more valuable than 90 days of a developer's time, not even correlated to time at all really
For the record, this could be accomplished by a trustworthy source announcing "there is a critical vulnerability in Zoom's macOS software and you should uninstall it immediately pending vendor response". Some researchers do this already -- Tavis Ormandy has, for example.
It's not a binary choice between no disclosure and releasing an unpatched PoC.
By the way, I'm not trying to argue that this researcher behaved unethically, just sharing another option. My usual take is that the researcher gets a lot of leeway for having to make a difficult decision and presumably trying their best to balance consequences, similarly to how a pilot trying to land an emergency plane has great discretion in how they do so.