Feedback
Tech

No, the Internet Explorer Bug Isn’t Fixed, Despite Reports

Incorrect reports are swirling that a major flaw in Internet Explorer has been fixed through a security update from Adobe on Monday.

But Adobe's update fixes a completely different issue -- which means Internet Explorer users are still at risk as they await a patch from Microsoft.

An Adobe spokesman confirmed to NBCNews: "The Microsoft advisory issued on April 26 is a separate issue from the Adobe bulletin issued April 28."

The confusion arose after security company FireEye revealed a big Internet Explorer flaw in a post on Friday, saying that hackers were using the bug to run malicious software on users' computers. (Microsoft followed up with its own "security advisory" on Saturday.) FireEye recommended that users disable Adobe Flash, saying "the attack will not work" in that case.

So when Adobe issued a Flash Player security update on Monday, several media outlets reported the patch would fix the Internet Explorer problem.

In reality, Adobe's update fixes a serious but separate problem: a Flash bug that is actively being used to attack visitors of a Syrian government website. Security firm Kaspersky Labs posted about that issue on Monday, and Adobe credited Kaspersky in its security update for the alert.

That Flash bug is significant, and users should download Adobe's update. But it's entirely separate from the wider Internet Explorer problem.

It's easy to see where the confusion came from -- Adobe's post said Monday's updates fix problems that could "potentially allow an attacker to take control of the affected system," a description that sounds like it could refer to the Internet Explorer issue.

Meanwhile, Microsoft is working to fix that wider Internet Explorer bug. Until then users should exercise caution, and take steps like running alternative web browsers and downloading a Microsoft "toolkit" to help guard against attacks.

Note: This story was updated to include Adobe's comment.