File archiving utility WinRAR has been around for more than two decades… and for almost as long, there’s been a vulnerability in the application that could allow an attacker to take over your computer if you inadvertently used the app to open a malicious ACE archive file.
Researchers at Checkpoint security recently discovered the vulnerability and WinRAR has already released an update to protect users… by eliminating the ability to work with ACE files.
Note that you’ll want to install WinRAR 5.70 beta 1 or later in order to get the version that’s safe from these attacks… or you could just avoid ACE files altogether.
On the one hand, removing support for ACE files seems like a kludgy solution. On the other hand, the ACE file format is pretty old and out of date at this point — the ACE archive format is protected by a patent and the only software legally licensed to create ACE files hasn’t been updated since 2007.
That said, if you have sole old files around that are stored in an ACE archive, it’s unfortunate that WinRAR can’t open them anymore.
There are other applications that do still offer some form of support for ACE files. For example, PeaZip offers an optional plugin that lets you open, extract, browse, or convert existing ACE files… but it will not let you create new ACE archives. But I suspect it’s subject to the same vulnerability that affected WinRAR, because the UNACE Plugin for PeaZip relies on the same unacev2.dll exploited by the researchers at CheckPoint.
Meanwhile popular cross-platform file archiving utility 7-zip has never supported ACE files.