
macOS Big Sur 11.6.6 and Security Update 2022-004 Catalina
Apple has released macOS Big Sur 11.6.6 and Security Update 2022-004 for macOS 10.15 Catalina, patching 40 security vulnerabilities in Big Sur and 33 in Catalina. Both updates address multiple Intel Graphics Driver-related issues that could allow malicious apps to execute arbitrary code with kernel privileges, as well as AppleScript vulnerabilities and an issue with CoreTypes that could allow an app to bypass Gatekeeper checks. You can download these updates using Software Update on Macs running Big Sur or Catalina. It’s worth waiting a week or so before installing to make sure these updates don’t introduce any bugs; if you notice any problems after updating, please let us know in the comments. (Free, various sizes, macOS 11 and 10.15)
I installed this update and it did fix the issue where NTFS volumes were not mounting in the Finder even with the Tuxera driver. After that install, there was another for Safari 15.5 update.
EDIT: I forgot to mention my computer is on Catalina.
The install seemed to work for me (2018 Mac mini, running Big Sur), but Apple still needs to learn a lot about showing progress so users donât assume that the update failed, which might cause them to cut power, causing the half-installed update to actually brick the system.
In my case, the system seemed to reboot about 6 times (no chime, but the screen lost signal and the Apple-icon progress bar restarted each time), and the power light went off for four of them (the first time, for about 30 seconds) before it finally displayed an âabout 10 minutesâ progress message, after which it returned me to my desktop (and not the login screen
).
Iâve complained about updates like this before, so it doesnât surprise me anymore, but hopefully my report here can be a warning to others - if you think the update is taking too long or you think your system has crashed/bricked, donât do anything. Just keep waiting and it will probably complete successfully.
I didnât watch the whole process but I noticed some of the things you mentioned and I started to think it could have been in some sort of a loop but I just let it install. It took around 20-30 minutes so like you said, just keep waiting.
Thanks for the warning about disconcerting behaviour during the update to Big Sur 11.6.6
Elapsed installation time of approximately 30 minutes. Many reboots, as others noted. No issues so far on a 2019 iMac. Used the GUI version of software update.
The update took around half an hour on my 2018 MacMini running Big Sur. It ran through a series of progress bars followed by another restart and progress bar. About halfway through it presented me with the startup screen with the BigSur screen asking me for user name and password, then went through another series of progress bars. Then it sat there for a few minutes doing absolutely nothing I could see. Getting bored, I touched the Shift key to see if it was alive, and it opened immediately to my startup screen asking me to enter user name and password, which opened quickly. So it appears to be going not into turn-on mode but into something like sleep. Same thing David C. saw.
I also noticed that the Mac was virtually quiet after the upgrade, and when I checked Sound under System Preferences, Output was hooked to a headset where I couldnât hear the sound. I wonder if thereâs a sound supposed to signal the process is over that we canât hear because itâs changed the Output Sound preference.
I didnât wait a full week to install the Big Sur update on my iMac because I was having a problem with disappearing app windows. I was running Chrome as my browser (as usual) and the tabs were fine, but if I clicked on an app in my dock, its window would appear for a split second and then vanish.
So, I went ahead and installed 11.6.6, hoping it would solve the app windows problem. It didnât. Then, I had a flash of inspiration and closed Chrome. Voila! I could see my app windows again.
I searched for and read a fairly recent article comparing Safari and Chrome. The author was recommending Safari for several reasons, so I made the switch. Iâm still on the Safari learning curve, and I think Iâll get used to it, but now I have another problem. Iâm being denied access to my own PDFs.
In this case, I was just trying to print my weekly shopping list from a Google Sheet, but I frequently use PDFs (that I make using Pages) for social media posts. Can someone please tell me what is going on and how to fix it?
What do the permissions show when you do a âGet Infoâ?
At the bottom of the window, you should see something like this:
The first line (icon of a person in a circle) represents the documentâs owner and owner-permissions. It should be your short username and be indicated as âMeâ if you are currently logged in as that user. It should be âRead & Writeâ, unless you explicitly changed it to something else.
The next line (two person-icons) is the documentâs group membership and group-permission. It corresponds to a group of users. In my case, itâs the default âstaffâ group that macOS creates for all non-admin users. The permissions here are typically âRead onlyâ - so other members of the group can read it but not modify it.
The third line (three person-icons) is the permissions for âeveryoneâ - that is, anybody who is not the owner and doesnât belong to its group. This is typically âRead onlyâ.
If there are any additional lines, they correspond to access-control-lists (ACLs). You can add/remove them using the +/- buttons.
On each line, you can set permissions to âRead & Writeâ, âRead onlyâ or âNo accessâ. These correspond to Unix-standard permissions
rw-
,r--
and---
, respectively. (The GUI doesnât let you do uncommon things like make a file write-only but not readable).If your owner-permission is not âRead & Writeâ or if the owner is a user other than yourself, or if there are ACLs blocking your access, that would easily be the cause of your problem. You can change permissions and remove ACLs from the GUI. Unfortunately, changing ownership of a file requires some mucking about from a command-line session.
Thanks for your reply, David. When I checked âGet Info,â I saw that I had Read & Write privileges. Since I am the only person using my computer, I should be the owner of every document, especially if it was made using a native app like Pages, right?
Hereâs another quirk (and by the way, this didnât happen when I was running 11.6.5): After writing to you about my permissions problem, I went back to my Google Sheet shopping list and tried a second time to print it. This time it worked! Did the initial denial time out? Is there some machine learning going on?
Blaise
Itâs impossible to know, but I know that Google and Chrome do do some weird things. Especially if you are using Googleâs docs (as you are).
The documents may be hosted on a Google cloud server, with only an alias (of some form) on your Mac. So you double-click it and get an error (instead of a download followed by a document-open). But if the Google software was downloading content in the background (possibly initiated by your previous open attempt), then the file might be present the next time.
At least thatâs a theory. Itâs impossible for me to know without a lot more details. But I do know that Google likes to make everything cloud-centric, and there may be occasional glitches as data is synced on-demand from one location to another.
FWIW, I donât use any third-party cloud storage. When I work with Google or Microsoft, I use their web interface and explicitly upload/download the content I want. The only cloud storage that syncs with a folder on my Mac is iCloud, and thatâs only because I need it for the Books app to sync my PDFs to my phone and iPod.
OK, thanks.
Well now, isnât that special
After applying macOS Big Sur 16.5.6 (and Safari 15.5) updates (05/21/22), the next day, while using Excel (16.61) I was denied access to view picture files via hyperlinks in Excel with the advisory depicted below, Last Excel update was on 05/14/22
Getting info shows I have Read/Write access to the file, as do all the enclosing folders in the path up to BUT NOT INCLUDING my Documents Folder which advises I have âCustom Accessâ but with no way in the Get Info dialog to change permissions - different than all other folders in my home directory, and the home directory itself, where I have Read/Write Access
I continue to be able to add, delete, and open other files in Documents folder, and other nested folders, and, in fact the Excel document itself is nested within Documents - no problem editing and saving that.
Questions:
Is this a ânew normalâ for the Documents folder to be âcustom accessâ? - Cruising back in Time Machine shows it WAS Read/Write before the update. The same situation appears in my other âpristineâ Admin user account.
If not, whatâs the current recommended method to reset permissions? I see TechTool Pro 14 has such a tool⊠(Home Permissions)
âcourse, Iâm not ruling out Excel (and Office in general) as the culprit considering their sometimes problematic file access security warning system (anyone know how to disable that??) but Iâve not encountered this access denied situation EVER, until today and I use the âoffendingâ Excel document nearly every day
Any other thoughts or suggestions are welcome
Iâm aiming to contact AppleCare Support about this but thought Iâd run it by yâall here
Reprise - Curiouser and curiouser - Just spent some more time using the âoffendingâ Excel document - some of the hyperlinks work AOK, including newly added oneâs, some are still âAccess Deniedâ (you donât have permissionâŠ), even though all the linked documents individually show I have Read/Write Access. Still havenât discerned a rhyme or reason - thereâs presently 1551 hyperlinks added over the past seven years, and Iâve only checked a handful so far. All the existing hyperlinks went belly up after upgrading to Mac Office 2021 (f### you very much MS) and Iâve only been piecemealing at âregranting accessâ
I donât see it on my system. My Documents folder is listed as normal Read/Write access.
The Documents folder on my Admin account has something unusual. The GUI shows no group at all. When combined with the no-access permission for âeveryoneâ, it effectively blocks access from all other users. When viewed from my (non-admin) account, it looks like:
In order to see what your âcustom accessâ might be, open a Terminal window and type the following command:
$ ls [email protected] ~/Documents
This will show you any extended attributes and ACLs that may be associated with it.
On my system, running this on my own Documents folder (which has no special permissions, but a few extended attributes), I see:
And if I look at my admin accountâs Documents folder (with the unusual permissions), I can see the ACL thatâs doing it:
What do you see on your system? Iâm not sure how to change these permissions, but if we can see them then perhaps an answer will reveal itself.
Iâm grasping at straws here, but if you got to System Preferences â Security & Privacy â Privacy, what do you see in the âFiles and Foldersâ and âFull Disk Accessâ sections?
If Excel is on the list of apps in either of these sections, then see if there are checkboxes you can use to grant it access. Maybe Excel itself doesnât have permission to access the contents of your Documents folder. It may be able to open the spreadsheet itself because you explicitly selected it via a file-open dialog, but that may not apply to other files you didnât explicitly request.
Take a look and let us know what you find.
A file-open dialog grants access permission to the file or directory the user picks. This is a basic tenet of a sandboxed app. Permissions do not extend beyond those granted. As David has suggested, it is most likely the app ( Excel in this case ) which needs permission since Jeff can access/open those files from the Finder.
Slightly tangential: Some Apple framework calls squirrel away files in deeply-nested locations which other apps ( and probably the user too ) may not have access. For example, if you tell PMSessionSetDestination() to send a pdf file to Preview.app, the file ends up in a path like: /private/var/folders/jx/5046b0_54tv7lns0wrwcddrc0000gn/T/com.YourBundleID.yourAppName/printing.2517/unnamed document.pdf
Preview.appâs attempt to open it fails:
Since we canât see Excelâs source code, itâs at least possible theyâre doing something similar and running into a similar issue. This may not be the issue Jeff experiences but just more information to consider.
Forgot to mention: that temp cache path should be accessible to admin users but thatâs not great either since non-admins launch apps too. Iâll cease now.
That location is actually a sytem-standard location for temporary files of all kinds.
/private/var/folders
is a location for various per-user folders. The next two terms (thejx/5046b0_54tv7lns0wrwcddrc0000gn
in your example) correspond to a single user. Within that folder are a few special folders:0. This is the âDarwin Userâ directory (type
getconf DARWIN_USER_DIR
to see the directory for the current user). Iâm not entirely sure of its purpose (vs. using your home directory), but it has a bunch of directories corresponding to various Apple services, like Safari and Spotlight. I suspect it exists primarily for the benefit of internal âusersâ that donât have normal home directories.Iâve read a few articles claiming that it is not dangerous to wipe this directory (or anything in
/var/folders
), so I suspect that this directory is really meant for working data, or at least data that can be rebuilt from information stored elsewhere. Iâve seen articles saying that this is where the Finder keeps it thumbnail cache, and where Launchpad stores the icon layout. So you would notice if the data was deleted, but it wouldnât break the system.NOTE: I do not recommend manually purging anything under
/var/folders
unless you have an explicit need to do so. Even if the system does rebuild the content over time, purging it will hurt system performance (caches and temporary files exist for a reason), and you really donât know what system services are using these locations for.C. This is the âDarwin User Cacheâ directory (type
getconf DARWIN_USER_CACHE_DIR
to see the directory for the current user). It contains cache files and (according to the man page, cited below), it is automatically purged during safe boot.Cleanup At Startup. This is usually empty. The name implies that the system erases the contents at system startup. I think itâs meant for temporary files used by system upgrades, which should be trashed after the upgrade completes.
T. This is the âDarwin User Tempâ directory (type
getconf DARWIN_USER_TEMP_DIR
to see the directory for the current user). It is meant for temporary files (similar to/tmp
or/var/tmp
, but is per-user instead of global). The system is supposed to automatically purge any files in here that have not been accessed in the past 3 days. TheTMPDIR
environment variable, by default, also points to this location, so lots of applications store their temporary files here.X. Not sure about this one. All of the âXâ directories are world-readable, and they are empty for every user, at least on my Mac.
See also:
confstr
(or typeman confstr
in a terminal window).Wow thanks for all yâalls feedback on this issue
Still waiting for Lifeâs agenda for me to free up some time to contact AppleCare Support on the matter
I ran âdiskutil resetUserPermissions / id-uâ and the offending documents are still offensive (access denied) and Documents Directory remains âCustom Accessâ
Jeffs-iMac:~ jeff$ ls [email protected] ~/Documents
[email protected] 34 jeff staff 1088 Mar 6 07:40 /Users/jeff/Documents
com.apple.macl 72
0: group: everyone deny delete
Sys Prefs > Security & Privacy > Full Disk Access includes only one entry for Microsoft:
Sys Prefs > Security & Privacy > Files and Folders has no entries for Microsoft
It does occur to me when creating a hyperlink you explicitly select the document, then when you click the hyperlink, it opens the file (e.g., .jpg files in Preview). Then when you close the workbook, reopen it and click the link again, youâre required to âGrant Accessâ to the document⊠again. Once this happens, subsequent workbook sessions open the link without squawking. Iâve been railing MS about this mis-behavior for a number of years with no apparent success. The kick in the face was when I upgraded to Mac Office 2021 all the hyperlinks required re-granting access, and until the Big Sur 16.6.6 update, re-granting access worked ânormallyâ
Thus, apparently MS gets their âpermissionâ to open a document on a file-by-file basis rather than requesting access to the Documents directory carte blanc as many/most other apps do, with their âpermissionsâ displayed in âFiles and Foldersâ @ Sys Prefs. I even cruised back in my screen shot collection to when I first installed Office 2021 and found no evidence Microsoft ever asked for Permission to access the Documents (or any other) directory.
Hereâs the path to the most commonly linked directory â_Author Pixâ; the PEOPLE directory is where most of the other hyperlinks in the workbook are pointed. FWIW, the Excel document is a CryptoQuote (i.e., crypto-gram) solving tool and archive where I store the quotes, quote Author info (e.g., Blurb about who they are, a pix of the author, and a link to an authors folder in my PEOPLE directory if one exists)
Iâve 2 Macâs that I have just installed the security update for Catalina on.
Both caused File Sharing to become inoperable - the tick box simply wouldnât tick on.
(It was off before, but Iâve read of this issue online that if it was on, you couldnât turn it off).
Tried lots of different things (new user account, zapped PRAM, reset permission on the home folder etc) but in the end I reinstalled Catalina on one of the Macâs (just overwriting system files).
Upon reboot the problem was solved, however it immediately asked me to install the security update again, and when I did that, the problem returned.
So I can confirm that this Security update breaks file sharing on 2 of my Macâs and Iâve seen reports of this elsewhere online.
Thereâs a thread I posted this on here: macos catalina file sharing tick box will⊠- Apple Community
Hopefully Apple will notice and issue an update to the update (I believe something similar happened in High Sierra).
Thanks for posting this issue. I have file sharing on and the update did not affect that but if you turn it off and try to turn it back on, it wonât work.
In addition to the Terminal command mentioned in the link, if youâre using AFP like I am, you need this one as well to turn back on:
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.AppleFileServer.plist
Here is another older link with same commands:
https://discussions.apple.com/thread/8463141
I have an update on my permissions problem that I thought was caused by Big Sur 11.6.6. Today, I decided it was time to upgrade to Monterey. Not only is the permissions problem gone, but Safari feels faster and more stable.