Mumble Open Source, Low Latency, High Quality Voice Chat

Mumble for iOS 1.2.3

Posted on February 2, 2014 by mkrautz

The Mumble team has released version 1.2.3 of the iOS Mumble client.

This new version contains two important client-side security fixes, and we advise users to download this update from the App Store as soon as possible.

Alongside these security fixes, this release also includes a few minor bug fixes:

  • Increased the size of Mumble’s encoding buffer for Opus packets to be able to encode all Opus packets without triggering Opus’s internal rate limiting.
  • Fixed a bug that could cause the certificate accept alert view that is shown upon connecting to a server with an unknown certificate to sometimes be hidden on iOS 7.
  • Several external libraries have been synced to their latest stable versions.

Security advisories for the two fixed vulnerabilities are available below:

  • Mumble-SA-2014-003 (txt, sig)

    • A malformed Opus voice packet sent to a MumbleKit client could trigger a NULL pointer dereference.
  • Mumble-SA-2014-004 (txt, sig)

    • A malformed Opus voice packet sent to a MumbleKit client could trigger a heap-based buffer overflow.

The Mumble team