So the CVE-2020-11470 is back.
“This effectively disables code signature verification for its dynamic libraries and enables a code injection attack that Wardle calls "dylib proxying". It's not clear why Zoom uses this exception since its own libraries appear to be properly signed.”
https://www.csoonline.com/article/3535789/weakness-in-zoom-f...
Check latest pkg with Suspicious Package [0] analyzer.
[0] https://www.mothersruin.com/software/SuspiciousPackage/
https://news.ycombinator.com/item?id=32447339