To be clear, in less than 2hrs, Zoom went from “It’s a feature" to “We are patching to remove the vulnerability tonight”. I’d bet Apple threatened to add the whole app to the insta-ban malware list, not just the local web server.