Jackin' your clicks!

It appears that the Flash Player has a number of vulnerabilities being exploited by some hackers. Kinda makes sense. With the player being so ubiquitous, it gives them more reach than targeting specific browsers. Some of these exploits have been fixed by Adobe, while others still remain. Check out hackers.org for more specific clickjacking details. Adobe has also posted a workaround for the clickjacking issue.

A funny one that has now been fixed allowed the hacker to hijack a user's webcam via a clicking game. This video shows how it was done.



Pretty clever actually. A SWF file with its wmode set to transparent is placed on top of an iframe containing the Flash Player's privacy settings panel, then the order of the two is alternated so that some clicks land on the game while others land on the settings panel. Without really knowing it, the user clicks all the right buttons, enabling access to their webcam. As the exploit relied on JavaScript, Adobe has now added a frame-busting script to the settings manager.
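
The following is an added example, not Adobe's script or code from the original post: a frame-busting guard that keeps a page hidden unless it is the top-level document, so a transparent overlay has nothing underneath to click. The names `frameGuard` and `fakeEnv` and the example URLs are assumptions made for illustration.

```javascript
// Frame-busting guard. `win` and `doc` are parameters so the logic can be
// exercised with stand-in objects outside a browser.
function frameGuard(win, doc) {
  const root = doc.documentElement;
  // Fail closed: stay invisible until we know we are the top-level document.
  root.style.visibility = "hidden";

  if (win.top === win.self) {
    root.style.visibility = "visible";
    return "top-level";
  }

  // Framed: try to replace the framing page with this one.
  try {
    win.top.location = win.self.location.href;
    return "busted";
  } catch (e) {
    // Navigation refused (for example a sandboxed iframe). The content
    // stays hidden, so clicks routed through an overlay hit nothing.
    return "blocked-hidden";
  }
}

// Constructed stand-ins for window/document (hypothetical URLs).
function fakeEnv(framed, navigationBlocked) {
  const doc = { documentElement: { style: {} } };
  const self = { location: { href: "https://settings.example/panel" } };
  const top = framed ? {} : self;
  if (framed) {
    let loc = "https://game.example/";
    Object.defineProperty(top, "location", {
      get: () => loc,
      set: (v) => {
        if (navigationBlocked) throw new Error("SecurityError");
        loc = v;
      },
    });
  }
  self.self = self;
  self.top = top;
  return { win: self, doc };
}

// In a browser the guard runs against the real objects.
if (typeof window !== "undefined") frameGuard(window, document);
```

The hidden-by-default step matters because navigating the top window can be prevented by the framing page; a guard that only tries to navigate would leave the panel visible and clickable in that case.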

Watch where you click.
