Important Security Update for Zoom on Mac
Tony Still Esteemed Mac security researcher Patrick Wardle reported this last December but Zoom's fix was flawed. He presented it at the Def Con conference last week and a valid fix is now available. Read more here.
The problem is with Zoom's auto-update that can be tricked into downloading any malware and then escalating its privileges to root (Wardle's slides are here). I believe this needs a local (to your Mac) user to trigger it but that could be an innocent (you?) prompted by a social engineering attack (ie they tricked you). The root access grants the malware access to everything.
Sadly this is not the first serious incident with Zoom on Mac, see The 'S' in Zoom, Stands for Security.