On February 1, Adobe published a security advisory about a critical vulnerability (CVE-2018-4878) in Flash Player 126.96.36.199 and earlier versions. Successful exploitation could allow an attacker to take control of an affected system.
An exploit for CVE-2018-4878 already exists, and is being used in targeted attacks against Windows users. So far, attacks based on this vulnerability have been delivered via Office documents with malicious Flash content as email attachments.
Adobe plans to address this vulnerability next week. Meanwhile, use extreme caution when deciding whether to open email attachments, especially if they appear to be Office documents.
Flash is gradually disappearing from use, but it’s still used enough to make it a tempting target for malicious hackers.
Duo Security: No Patch Yet: Flash Vulnerability Exploited in the Wild