What Zoom did was negligent and incompetent, but I don't see that there was malicious intent. I do agree, however, that what they tried to do is unacceptable even if implemented competently.
But even if it weren’t — and we can agree to disagree on the intent — the second the RCE is popped, it becomes a massive security issue and it becomes traditional malware. As I said, I’m convinced Apple would do the same thing if this was something left behind or associated with Java or Flash.
But I will admit that I'm starting to see the question of Zoom's intent a bit differently after thinking about what you have said.
Instead you defended Apple fixing security issues in third party software (as I understood it without user consent) and you compared any concerns about that with concerns about buses intentionally running over pedestrians.
So apparently our debate took wrong turn and that wasn't entirely my fault although I will take some of the blame.
I agree that Zoom's intent (and even more so their methods) is icky. So perhaps we should have focused on that, because I can understand the reasoning that this makes Apple's actions look far more justified than I initially thought.
It is actually very competent of them, except for the security part.