I like to think I'm fairly up to speed on techie stuff, but Thomas Ptacek just posted a synopsis of a Flash exploit that I can just barely comprehend. That is, he analysed a whitepaper by someone really, really smart (that I couldn't possibly understand), and summarized it (marking himself as really smart, at least) in a way that I could begin to understand. Scary stuff, that.
Key extracts from the article (which I recommend as a great, if bewildering, read):
The evidence is now overwhelming that Mark Dowd was, in fact, sent
back through time to kill the mother of the person who will grow up to
challenge SkyNet. Please direct your attention to Dowd’s 25-page bombshell
on a Flash bytecode attack.
...
Look at the details of this attack. It’s a weaponized NULL pointer
attack that desynchronizes a bytecode verifier to slip malicious
ActionScript bytecode into the Flash runtime. If you’re not an exploit
writer, think of it this way: you know
that crazy version of Super Mario Brothers that Japan refused to ship to the US markets
because they thought the difficulty would upset and provoke us? This
is the exploit equivalent of that guy who played the perfect game of
it on YouTube.