I have created a new post to make the timeline easier to follow. As before it will be updated throughout the year with any details of the Flash vulnerabilities being exploited.
6th February: Adobe releases Flash Player v126.96.36.199 resolving 2x priority 1 CVEs. Please see the timeline update for the 13th of April (below) for more information on how one of these vulnerabilities is now being exploited.
13th March: Adobe releases Flash Player v188.8.131.52 resolving 2x priority 2 CVEs.
10th April: Adobe releases Flash Player v184.108.40.206 resolving 6x priority 2 CVEs.
8th May 2018: Adobe releases Flash Player v220.127.116.11 resolving 1x priority 2 CVE.
Update: 10th January 2018: The timeline was updated to add the Adobe Flash Player update for January 2018. At the time of writing no exploits for the issue fixed by this update are known to be taking place.
Update: 13th February 2018: The timeline was updated to add the Adobe Flash Player update for February. One of these vulnerabilities CVE-2018-2878 is a zero day (defined) vulnerability being exploited in targeted attacks.
Update: 13th March 2018: The timeline was updated to add the Adobe Flash Player update for March. At the time of writing neither of the 2 vulnerabilities fixed are being exploited.
Update 1st April 2018: No further vulnerabilities within Flash Player were disclosed during the Pwn2Own 2018 competition.
Update 13th April 2018: The timeline was updated to add the Adobe Flash Player update for April. At the time of writing none of the 6 vulnerabilities fixed are being exploited.
Update 8th May 2018: The timeline was updated to add the Adobe Flash Player update for May. Similar to April; at the time of writing the resolved vulnerability is not being exploited.
CVE-2018-4878; the use after free (defined) vulnerability resolved by Adobe in February is now being used by the ThreadKit exploit key (defined) to send Microsoft Office documents exploiting this flaw. Please update Adobe Flash Player if you have it installed and do not open any document attached to an email you weren’t expecting. Further details are available in this news article.