Subscribe to Breaking News emails

You have successfully subscribed to the Breaking News email.

Subscribe today to be the first to to know about breaking news and special reports.

No, the Internet Explorer Bug Isn't Fixed, Despite Reports

Image: Illustration of a projection of binary code around the shadow of a man holding a laptop computer
Incorrect reports are swirling that a major flaw in Internet Explorer has been fixed through a security update from Adobe on Monday.KACPER PEMPEL / Reuters, file

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.

Incorrect reports are swirling that a major flaw in Internet Explorer has been fixed through a security update from Adobe on Monday.

But Adobe's update fixes a completely different issue -- which means Internet Explorer users are still at risk as they await a patch from Microsoft.

An Adobe spokesman confirmed to NBCNews: "The Microsoft advisory issued on April 26 is a separate issue from the Adobe bulletin issued April 28."

The confusion arose after security company FireEye revealed a big Internet Explorer flaw in a post on Friday, saying that hackers were using the bug to run malicious software on users' computers. (Microsoft followed up with its own "security advisory" on Saturday.) FireEye recommended that users disable Adobe Flash, saying "the attack will not work" in that case.

So when Adobe issued a Flash Player security update on Monday, several media outlets reported the patch would fix the Internet Explorer problem.

In reality, Adobe's update fixes a serious but separate problem: a Flash bug that is actively being used to attack visitors of a Syrian government website. Security firm Kaspersky Labs posted about that issue on Monday, and Adobe credited Kaspersky in its security update for the alert.

That Flash bug is significant, and users should download Adobe's update. But it's entirely separate from the wider Internet Explorer problem.

It's easy to see where the confusion came from -- Adobe's post said Monday's updates fix problems that could "potentially allow an attacker to take control of the affected system," a description that sounds like it could refer to the Internet Explorer issue.

Meanwhile, Microsoft is working to fix that wider Internet Explorer bug. Until then users should exercise caution, and take steps like running alternative web browsers and downloading a Microsoft "toolkit" to help guard against attacks.

Note: This story was updated to include Adobe's comment.

Breaking News Emails

Get breaking news alerts and special reports. The news and stories that matter, delivered weekday mornings.
MORE FROM news