From the Adobe PSIRT blog (https://blogs.adobe.com/psirt/?p=1520):
QuoteA Security Advisory (APSA18-01 (https://helpx.adobe.com/security/products/flash-player/apsa18-01.html)) has been published regarding a critical vulnerability (CVE-2018-4878) in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.
Adobe will address this vulnerability in a release planned for the week of February 5.
A bit more on the story:
https://arstechnica.com/information-technology/2018/02/theres-a-new-adobe-flash-0day-and-up-and-coming-hackers-are-exploiting-it/ (https://arstechnica.com/information-technology/2018/02/theres-a-new-adobe-flash-0day-and-up-and-coming-hackers-are-exploiting-it/)