TIFF:CVE-2013-3906 (Expl) - False Positive on Xcode docsets?

I have just run a full scan on my iMac (OS X 10.9 Mavericks) using Avast 8 (40005) with definitions 13110700 and it has detected the following things I believe to be False Positives:

~Library/Developer/Shared/Documentation/DocSets/com.apple.adc.documentation.AppleOSX10_8.CoreReference.docset/Contents/Resources/Documents/samplecode/CocoaSpeechSynthesisExample.zip

( three *.tiff files inside it allegedly infected with TIFF:CVE-2013-3906 [Expl] )

~Library/Developer/Shared/Documentation/DocSets/com.apple.adc.documentation.AppleOSX10_8.CoreReference.docset/Contents/Resources/Documents/samplecode/NumberInput_IMKit_Sample.zip

( twenty-one *.tiff files inside it allegedly infected with TIFF:CVE-2013-3906 [Expl] )

These two zip files, containing the tiff files, are both within ~Library/Developer/Shared/Documentation/DocSets/com.apple.adc.documentation.AppleOSX10_8.CoreReference.docset … which is an Xcode developer docset that has a last modified date of 16th November 2012.

I have submitted both zip files to VirusTotal.com, and Avast was the only AV scanner to detect a threat in either of them.

Also, from Googling, it seems that CVE-2013-3906 is a very recent tiff exploit for Windows.

I’ve submitted a ticket for this, but wanted to also post it on the forum to see if anyone else had encountered it, and see if I got a reply from Avast here too.

Hello,
thanks for reporting. We have made a fix for this detection and it will be released in the next VPS update.

Milos

I believe there’s another false positive. I’m running VMware Fusion 6. A few minutes ago I was notified about an update to Version 6.0.2. Fusion downloaded and tried to install it, but got interrupted by Avast. Avast moved the update file (176 MB) out of the Fusion App to the Avast container, while Fusion itself said that I need to contact VMware Support, because the CDS-Client wouldn’t work properly.

I received this error message too when downloading OmniGraffle 6 from the Mac App Store.

Thanks Milos :)

I was also told in a reply to my ticket that it is not detected by the latest definitions.

Do you know when that update will be?

My Avast for Mac is still using definitions 13110700, and when I try to manually update it, it says I still have the latest version.