I don't see anything in the article that suggests this - as I read it, it pretty much says the opposite. What else have you read that outlined these rules and the exception Apple made?
As far as I know, there is no system-wide update mechanism for third party software not distributed through the Mac App Store that does not require any user interaction. So apparently they (ab)used the system update mechanism.
Zoom is clearly not malware. It just has a bug. Is updating regular third party software documented behaviour of macOS? If so then I agree that it is not abuse. Otherwise Apple has some explaining to do.
That is not a bug
The problem is that Apple appears to have made an exception to its own rules in this particular case. If I understand correctly, they used a first party system update mechanism to change third party software.
I don't think any of these are established facts and I don't understand how you, a fellow fact-fancier, haven't acknowledged that before breezily moving on to a discussion of the precise definition of the term 'malware'.