Flash exploit explained... really well written.

Even if you have only a slight working knowledge of how a compiled app talks to and works with your computer's memory, this is a totally awesome article that quickly summarizes a report by Mark Dowd at IBM Security Systems (the 25 page report shows how some malicious AS code might use ActionScript's VM to allow access to any of the billions of OS-independent computers that have Flash installed). Yes, a bit geeky, but at least he talks about cyberdine, skynet, the koopa family, and has some nice pitfall animations.