>I.e: because the flash exploit didn't establish two-way clearnet communication with the target computer, how can they prove that the outgoing clearnet I.P. was not spoofed?

I'd assume that the flash snippet establishes a TCP connection, so it has to complete a handshake first. Those are fairly hard to spoof.