Earlier today Adobe released an out of band (un-scheduled) update for Flash Player to resolve 2x critical CVEs (defined) and 2x Important CVEs. One of these designated CVE-2018-5002 is a zero day (defined) vulnerability under active attack which originate from Microsoft Office documents with embedded Flash content. The exploits are said to trigger with little to no user interaction.
While Adobe confirmed the attacks are limited and targeted in nature, they are thought to target users in the Middle East.
This Flash Player update also adds a dialog box which prompts user when viewing an Office document if they wish to load Flash Player content.
If you use Adobe Flash Player, please install the update as soon as possible using the steps provided within Adobe’s security bulletin. Google and Microsoft will make available updates for their browsers very shortly.