File archiving utility WinRAR has been around for more than two decades… and for almost as long, there’s been a vulnerability in the application that could allow an attacker to take over your computer if you inadvertently used the app to open a malicious ACE archive file.
Researchers at Checkpoint security recently discovered the vulnerability and WinRAR has already released an update to protect users… by eliminating the ability to work with ACE files.
Note that you’ll want to install WinRAR 5.70 beta 1 or later in order to get the version that’s safe from these attacks… or you could just avoid ACE files altogether.
On the one hand, removing support for ACE files seems like a kludgy solution. On the other hand, the ACE file format is pretty old and out of date at this point — the ACE archive format is protected by a patent and the only software legally licensed to create ACE files hasn’t been updated since 2007.
That said, if you have sole old files around that are stored in an ACE archive, it’s unfortunate that WinRAR can’t open them anymore.
There are other applications that do still offer some form of support for ACE files. For example, PeaZip offers an optional plugin that lets you open, extract, browse, or convert existing ACE files… but it will not let you create new ACE archives. But I suspect it’s subject to the same vulnerability that affected WinRAR, because the UNACE Plugin for PeaZip relies on the same unacev2.dll exploited by the researchers at CheckPoint.
Meanwhile popular cross-platform file archiving utility 7-zip has never supported ACE files.
If you still want to open old .ace files, https://pypi.org/project/acefile/ says it supports this without using the unace .dll.
19 years,,whos running their security dept ,hillarys server geru
ACE and RAR. Popular formats for pirates for many years. I’m surprised people still use either format.
I’ve seen a bunch of compression formats, especially back in the late 90s and early 2000s, but I’ve never heard of ACE until I read this article.
If anyone comes across old floppies or cd-roms, the ace format might appear (I guess). A shame that they chose to abandon it altogether. I seriously doubt that any of the old (historic) files that might’ve used this format would pose a threat.
I started buying floppies off the back pages of magazines in the early days. Later it was cd-roms and BBSes. All for my fix of shareware, freeware and public domain programs. Saw lots of archiver formats (I recall pak, arc, arj, lzh… ) and for the life of me can’t recall ever running across ‘ace’. So maybe not a major loss…
Still… something about losing access to a bit of the past doesn’t sit well with me.