Posted on February 2, 2014 by mkrautz
The Mumble team has released version 1.2.3 of the iOS Mumble client.
This new version contains two important client-side security fixes, and we advise users to download this update from the App Store as soon as possible.
Alongside these security fixes, this release also includes a few minor bug fixes:
- Increased the size of Mumble’s encoding buffer for Opus packets to be able to encode all Opus packets without triggering Opus’s internal rate limiting.
- Fixed a bug that could cause the certificate accept alert view that is shown upon connecting to a server with an unknown certificate to sometimes be hidden on iOS 7.
- Several external libraries have been synced to their latest stable versions.
Security advisories for the two fixed vulnerabilities are available below:
- A malformed Opus voice packet sent to a MumbleKit client could trigger a NULL pointer dereference.
- A malformed Opus voice packet sent to a MumbleKit client could trigger a heap-based buffer overflow.
The Mumble team