Let's Make This Simple: Zoom Is Malware

• https://www.zerohedge.com by Mark Jeftovic

It took Apple acting on its own to push out an unscheduled update to fix Zoom's problem before they got to it.

Last week we outlined how Zoom was sending telemetry data about you to Facebook, even if you don't have a Facebook account.

In the intervening week, all sorts of data points and news items came out about the (lack of) privacy issues with Zoom:

On April 1st, a (former NSA) hacker released two new Zoom 0-days that enable a hacker with local access to a Zoom session to take over the software to install malware.

The next day Krebs on Security reported on the fast-spreading "Zoom Bombing" phenomenon, where pranksters and miscreants were war dialing Zoom rooms, looking for ones without password protection and crashing the meetings, hurling insults and profanities at the participants.

It gets worse: it turns out Zoom Bombing is a thing now, so the perpetrators are recording videos of their antics and releasing them on TikTok and who knows where else.

On the very next day (the cat came back...) it emerged that because of the naming scheme Zoom uses to create the files of video recordings participants make of their sessions, those recordings were easy to find and access on the web.

Toronto's Citizen Lab reverse engineered the Zoom client and found that they had "rolled their own encryption scheme" and that it's pretty lousy encryption. Their report is here.
