I have the magic registry setting set so that FASL output (i.e. 'what it found') shows up in the CSV vulnerability list for an asset report:
(a much-recommended tweak!)
In some cases I am able to figure out what the FASL output (as listed in the CSV) means. In some cases it's a godsend! But for some output I'm confused. For example:
What does that mean? Something about iphone, for sure, and there's a date and version number, but is that what it was looking for, or what it found? And what's that initial sequence of characters?
I don't have easy access to this particular system, and so I can't easily attempt to verify by hand.
In general, how is the FASL output presented/how does one interpret it?
Any clues as to which script returned that output? I might be able to tell by checking the script.
Vulnerability IDs 1266, 12811, 12953, 13388, 14184, 12591, 12566, and 12372 all return that particular FASL output string.
The vulnerability names for all but the last one are in the format
(HTXXX) Apple iO(S Multiple Vulnerabilities Prior To [a version number]
The last vuln name is
Apple iOS CoreGraphics FreeType Remote Code Execution
(I'm guessing that the 4.2.1 is the version the script found/current version, since the version number is constant between the detections.)
Does that help with identifying a the script?
And I gather, based on your answer, that the FASL output doesn't necessarily follow any particular pattern? It's script-dependent, or rather, dependent on how the developer wrote the script?