No, the Internet Explorer Bug Isn't Fixed, Despite Reports

NBC News, By Julianne Pepitone

Incorrect reports are swirling that a major flaw in Internet Explorer has been fixed through a security update from Adobe on Monday.But Adobe's update fixes a completely different issue -- which means Internet Explorer users are still at risk as they await a patch from Microsoft. An Adobe spokesman confirmed to NBCNews: "The Microsoft advisory issued on April 26 is a separate issue from the Adobe bulletin issued April 28."

The confusion arose after security company FireEye revealed a big Internet Explorer flaw in a post on Friday, saying that hackers were using the bug to run malicious software on users' computers. (Microsoft followed up with its own "security advisory" on Saturday.) FireEye recommended that users disable Adobe Flash, saying "the attack will not work" in that case.

So when Adobe issued a Flash Player security update on Monday, several media outlets reported the patch would fix the Internet Explorer problem.

In reality, Adobe's update fixes a serious but separate problem: a Flash bug that is actively being used to attack visitors of a Syrian government website. Security firm Kaspersky Labs posted about that issue on Monday, and Adobe credited Kaspersky in its security update for the alert. Read more.