Under the detailed criteria listed here[0], it seems plain that he qualified for the $50k award when it comes to the Mac vulnerability, and the $25k award for the iOS one. Since they're fundamentally the same flaw, he'd likely only qualify for $50k, not $75k, but Apple still stiffed him of $43k. For shame.

[0]: https://security.apple.com/bounty/categories/