My bigger problem isn't the security issues per se. Even in aggregate, discovered so closely together, I've seen worse in my time.
My concern was the tone and character of the response Zoom would return to their concerned customers. I'm fairly often on the hook for managing our response to our customers for security incidents we're possibly responsible for [open source middleware - weekly occurrence, naturally]. When a customer says something like "Help me understand what was going on with CVE-2022-192729", what they _actually_ want to know are the answers to little questions like "How did you let this happen?", "How did you find out about this?" and most importantly "What are you going to do to stop this happening again?"
When we went to Zoom and asked them to provide us a formal response to their recent security incidents, the text returned was nowhere near up to snuff for an enterprise software vendor. The text was trite, dismissive and arrogant. For example on the topic of how they installed a fully unauthenticated, open to the world web server on everyone's machines without asking, the response reads thusly:
"Zoom is not malware. Zoom is safe to use for both you personally and businesses, but you should read through on how to best protect yourself and your company. Throughout the past few days, social media (mostly infosec twitter) is gushing with various opinions and hot takes about Zoom being malware due to multiple issues found with it. Some of these issues are indeed problematic (and are/were taken care of by Zoom) and some of the issues that are being raised and discussed in social media are in fact not bugs or issues with Zoom itself but issues with the way operating systems work."
They quote some nobody infosec blogger [yeah - that's not even their own words they sent to us] in order to blame us for getting hit, they blame the "gushing infosec twitter" for finding their massive security fuckup, and they blame operating systems for letting them get away with it. This is the calibre of company we're dealing with, and frankly I do not believe that is good enough for other companies to be trusting Zoom with their secure, corporate communications.