Author Topic: TIFF:CVE-2013-3906 (Expl) - False Positive on Xcode docsets?  (Read 3371 times)

0 Members and 1 Guest are viewing this topic.

MonkeyButler

  • Guest
TIFF:CVE-2013-3906 (Expl) - False Positive on Xcode docsets?
« on: November 07, 2013, 10:07:35 PM »
I have just run a full scan on my iMac (OS X 10.9 Mavericks) using Avast 8 (40005) with definitions 13110700 and it has detected the following things I believe to be False Positives:

~Library/Developer/Shared/Documentation/DocSets/com.apple.adc.documentation.AppleOSX10_8.CoreReference.docset/Contents/Resources/Documents/samplecode/CocoaSpeechSynthesisExample.zip

( three *.tiff files inside it allegedly infected with TIFF:CVE-2013-3906 [Expl] )


~Library/Developer/Shared/Documentation/DocSets/com.apple.adc.documentation.AppleOSX10_8.CoreReference.docset/Contents/Resources/Documents/samplecode/NumberInput_IMKit_Sample.zip

( twenty-one *.tiff files inside it allegedly infected with TIFF:CVE-2013-3906 [Expl] )



These two zip files, containing the tiff files, are both within ~Library/Developer/Shared/Documentation/DocSets/com.apple.adc.documentation.AppleOSX10_8.CoreReference.docset ... which is an Xcode developer docset that has a last modified date of 16th November 2012.

I have submitted both zip files to VirusTotal.com, and Avast was the *only* AV scanner to detect a threat in either of them.

Also, from Googling, it seems that CVE-2013-3906 is a very recent tiff exploit for Windows.

I've submitted a ticket for this, but wanted to also post it on the forum to see if anyone else had encountered it, and see if I got a reply from Avast here too.

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: TIFF:CVE-2013-3906 (Expl) - False Positive on Xcode docsets?
« Reply #1 on: November 08, 2013, 08:40:00 AM »
Hello,
thanks for reporting, we made fix of this detection and it will be released in next VPS update.

Milos

b6nb3a

  • Guest
Re: TIFF:CVE-2013-3906 (Expl) - False Positive on Xcode docsets?
« Reply #2 on: November 08, 2013, 03:10:23 PM »
I believe there's another false positive. I'm running VMware Fusion 6. Few minutes ago I was notified about an update to Version 6.0.2. Fusion downloaded and tried to install, but got interrupted by avast. Avast moved the update file (176 MB) out of the Fusion App to the avast container, while Fusion itself said that I need to contact VMware Support, because the CDS-Client wouldn't work properly.

DerekBerube

  • Guest
Re: TIFF:CVE-2013-3906 (Expl) - False Positive on Xcode docsets?
« Reply #3 on: November 08, 2013, 08:40:48 PM »
I received this error message too when downloading OmniGraffle 6 from the Mac App Store.

MonkeyButler

  • Guest
Re: TIFF:CVE-2013-3906 (Expl) - False Positive on Xcode docsets?
« Reply #4 on: November 09, 2013, 05:26:59 PM »
Hello,
thanks for reporting, we made fix of this detection and it will be released in next VPS update.

Milos

Thanks Milos :)

I was also told in a reply to my ticket that it is not detected by the latest definitions.


Do you know when that update will be?

My Avast for Mac is still using definitions 13110700, and when I try and manually update it it says I still have the latest version.