My personal opinion is that this is a bug because it is a security issue that should be addressed. But I’m not the developer and the only reason I’m suggesting it is to bring it to the attention of the dev.
It should be possible, using filters, to alter the checks and check the mime time yourself. Although I’m not 100% sure of the details for doing so. https://www.advancedcustomfields.com/resources/acf-validate_value/, or maybe https://www.advancedcustomfields.com/resources/acf-upload_prefilter/, or maybe both.
