A new technique is being used to hide exploit-based attacks. Fraudsters pack the exploit pack in the Flash file. The packed Flash object is loaded to a page in the browser and has the right to write to and modify the page. This allows for the page to be modified, even if the object was loaded from a different domain. With this privilege, the malicious Flash object simply writes exploits to the page from its binary data. There is no malicious content in the web traffic or on the page delivered to the browser.”]
Source: https://securelist.com/how-exploit-packs-are-concealed-in-a-flash-object/69727/