San Francisco security researcher Noah Roskin-Frazee and a co-defendant were charged with allegedly defrauding Apple by using a password reset tool to break into the account of...
The timing is probably just coincidence. He probably submitted a bug bounty weeks or months earlier and it just now got included in release notes
The fraudulent orders happened a few years ago, which was alleged recently
The indictment states that the pair attempted to fraudulently obtain over $3 million from Apple through more than two dozen fraudulent orders. For orders that did complete, they obtained around $2.5 million in electronic gift cards and more than $100,000 in “products and services.” The scheme started in December 2018 and continued until at least March 2019.
The timing is probably just coincidence. He probably submitted a bug bounty weeks or months earlier and it just now got included in release notes. 
hush! we can’t our salacious headlines ruined with pesky details and nuance!
The fraudulent orders happened a few years ago, which was alleged recently