Mumble for iOS 1.2.3

Posted on February 5, 2014 by mkrautz

The Mumble team has released version 1.2.3 of the iOS Mumble client.

This new version contains two important client-side security fixes, and we advise users to download this update from the App Store as soon as possible.

Alongside these security fixes, this release also includes a few minor bug fixes:

• Increased the size of Mumble’s encoding buffer for Opus packets to be able to encode all Opus packets without triggering Opus’s internal rate limiting.
• Fixed a bug that could cause the certificate accept alert view that is shown upon connecting to a server with an unknown certificate to sometimes be hidden on iOS 7.
• Several external libraries have been synced to their latest stable versions.

Security advisories for the two fixed vulnerabilities are available below:

• Mumble-SA-2014-003 (txt, sig)

  • A malformed Opus voice packet sent to a MumbleKit client could trigger a NULL pointer dereference.

• Mumble-SA-2014-004 (txt, sig)

  • A malformed Opus voice packet sent to a MumbleKit client could trigger a heap-based buffer overflow.

The Mumble team