Zoom is clearly not malware. It just has a bug. Is updating regular third party software documented behaviour of macOS? If so then I agree that it is not abuse. Otherwise Apple has some explaining to do.
That is not a bug
The problem is that Apple appears to have made an exception to its own rules in this particular case. If I understand correctly, they used a first party system update mechanism to change third party software.
I don't think any of these are established facts and I don't understand how you, a fellow fact-fancier, haven't acknowledged that before breezily moving on to a discussion of the precise definition of the term 'malware'.