“This effectively disables code signature verification for its dynamic libraries and enables a code injection attack that Wardle calls "dylib proxying". It's not clear why Zoom uses this exception since its own libraries appear to be properly signed.”
https://www.csoonline.com/article/3535789/weakness-in-zoom-f...
Check latest pkg with Suspicious Package [0] analyzer.