Browser plug-ins have always been an attractive target for attackers to exploit. In the last couple of years, the most prevalent attack platform was undoubtedly – Flash. With 250+ CVEs in 2016 alone, and incorporation in practically every exploit kit, Flash exploits are everywhere and deserve our attention.

http://blog.checkpoint.com/2017/05/03/debug-instrumentation-via-flash-actionscript/