Skip to content
Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals

macOS Big Sur 11.6.6 and Security Update 2022-004 Catalina

Apple has released macOS Big Sur 11.6.6 and Security Update 2022-004 for macOS 10.15 Catalina, patching 40 security vulnerabilities in Big Sur and 33 in Catalina. Both updates address multiple Intel Graphics Driver-related issues that could allow malicious apps to execute arbitrary code with kernel privileges, as well as AppleScript vulnerabilities and an issue with CoreTypes that could allow an app to bypass Gatekeeper checks. You can download these updates using Software Update on Macs running Big Sur or Catalina. It’s worth waiting a week or so before installing to make sure these updates don’t introduce any bugs; if you notice any problems after updating, please let us know in the comments. (Free, various sizes, macOS 11 and 10.15)

Subscribe today so you don’t miss any TidBITS articles!

Every week you’ll get tech tips, in-depth reviews, and insightful news analysis for discerning Apple users. For over 33 years, we’ve published professional, member-supported tech journalism that makes you smarter.

Registration confirmation will be emailed to you.

This site is protected by reCAPTCHA. The Google Privacy Policy and Terms of Service apply.

Comments About macOS Big Sur 11.6.6 and Security Update 2022-004 Catalina

Notable Replies

  1. I installed this update and it did fix the issue where NTFS volumes were not mounting in the Finder even with the Tuxera driver. After that install, there was another for Safari 15.5 update.

    EDIT: I forgot to mention my computer is on Catalina.

  2. The install seemed to work for me (2018 Mac mini, running Big Sur), but Apple still needs to learn a lot about showing progress so users don’t assume that the update failed, which might cause them to cut power, causing the half-installed update to actually brick the system.

    In my case, the system seemed to reboot about 6 times (no chime, but the screen lost signal and the Apple-icon progress bar restarted each time), and the power light went off for four of them (the first time, for about 30 seconds) before it finally displayed an “about 10 minutes” progress message, after which it returned me to my desktop (and not the login screen :expressionless:).

    I’ve complained about updates like this before, so it doesn’t surprise me anymore, but hopefully my report here can be a warning to others - if you think the update is taking too long or you think your system has crashed/bricked, don’t do anything. Just keep waiting and it will probably complete successfully.

  3. I didn’t watch the whole process but I noticed some of the things you mentioned and I started to think it could have been in some sort of a loop but I just let it install. It took around 20-30 minutes so like you said, just keep waiting.

  4. Thanks for the warning about disconcerting behaviour during the update to Big Sur 11.6.6

  5. Elapsed installation time of approximately 30 minutes. Many reboots, as others noted. No issues so far on a 2019 iMac. Used the GUI version of software update.

  6. The update took around half an hour on my 2018 MacMini running Big Sur. It ran through a series of progress bars followed by another restart and progress bar. About halfway through it presented me with the startup screen with the BigSur screen asking me for user name and password, then went through another series of progress bars. Then it sat there for a few minutes doing absolutely nothing I could see. Getting bored, I touched the Shift key to see if it was alive, and it opened immediately to my startup screen asking me to enter user name and password, which opened quickly. So it appears to be going not into turn-on mode but into something like sleep. Same thing David C. saw.

    I also noticed that the Mac was virtually quiet after the upgrade, and when I checked Sound under System Preferences, Output was hooked to a headset where I couldn’t hear the sound. I wonder if there’s a sound supposed to signal the process is over that we can’t hear because it’s changed the Output Sound preference.

  7. I didn’t wait a full week to install the Big Sur update on my iMac because I was having a problem with disappearing app windows. I was running Chrome as my browser (as usual) and the tabs were fine, but if I clicked on an app in my dock, its window would appear for a split second and then vanish.

    So, I went ahead and installed 11.6.6, hoping it would solve the app windows problem. It didn’t. Then, I had a flash of inspiration and closed Chrome. Voila! I could see my app windows again.

    I searched for and read a fairly recent article comparing Safari and Chrome. The author was recommending Safari for several reasons, so I made the switch. I’m still on the Safari learning curve, and I think I’ll get used to it, but now I have another problem. I’m being denied access to my own PDFs.

    In this case, I was just trying to print my weekly shopping list from a Google Sheet, but I frequently use PDFs (that I make using Pages) for social media posts. Can someone please tell me what is going on and how to fix it?

  8. What do the permissions show when you do a “Get Info”?

    At the bottom of the window, you should see something like this:

    Screen Shot 2022-05-23 at 13.04.44

    The first line (icon of a person in a circle) represents the document’s owner and owner-permissions. It should be your short username and be indicated as “Me” if you are currently logged in as that user. It should be “Read & Write”, unless you explicitly changed it to something else.

    The next line (two person-icons) is the document’s group membership and group-permission. It corresponds to a group of users. In my case, it’s the default “staff” group that macOS creates for all non-admin users. The permissions here are typically “Read only” - so other members of the group can read it but not modify it.

    The third line (three person-icons) is the permissions for “everyone” - that is, anybody who is not the owner and doesn’t belong to its group. This is typically “Read only”.

    If there are any additional lines, they correspond to access-control-lists (ACLs). You can add/remove them using the +/- buttons.

    On each line, you can set permissions to “Read & Write”, “Read only” or “No access”. These correspond to Unix-standard permissions rw-, r-- and ---, respectively. (The GUI doesn’t let you do uncommon things like make a file write-only but not readable).

    If your owner-permission is not “Read & Write” or if the owner is a user other than yourself, or if there are ACLs blocking your access, that would easily be the cause of your problem. You can change permissions and remove ACLs from the GUI. Unfortunately, changing ownership of a file requires some mucking about from a command-line session.

  9. Thanks for your reply, David. When I checked “Get Info,” I saw that I had Read & Write privileges. Since I am the only person using my computer, I should be the owner of every document, especially if it was made using a native app like Pages, right?

    Here’s another quirk (and by the way, this didn’t happen when I was running 11.6.5): After writing to you about my permissions problem, I went back to my Google Sheet shopping list and tried a second time to print it. This time it worked! Did the initial denial time out? Is there some machine learning going on?


  10. It’s impossible to know, but I know that Google and Chrome do do some weird things. Especially if you are using Google’s docs (as you are).

    The documents may be hosted on a Google cloud server, with only an alias (of some form) on your Mac. So you double-click it and get an error (instead of a download followed by a document-open). But if the Google software was downloading content in the background (possibly initiated by your previous open attempt), then the file might be present the next time.

    At least that’s a theory. It’s impossible for me to know without a lot more details. But I do know that Google likes to make everything cloud-centric, and there may be occasional glitches as data is synced on-demand from one location to another.

    FWIW, I don’t use any third-party cloud storage. When I work with Google or Microsoft, I use their web interface and explicitly upload/download the content I want. The only cloud storage that syncs with a folder on my Mac is iCloud, and that’s only because I need it for the Books app to sync my PDFs to my phone and iPod.

  11. OK, thanks.

  12. Well now, isn’t that special

    After applying macOS Big Sur 16.5.6 (and Safari 15.5) updates (05/21/22), the next day, while using Excel (16.61) I was denied access to view picture files via hyperlinks in Excel with the advisory depicted below, Last Excel update was on 05/14/22

    Getting info shows I have Read/Write access to the file, as do all the enclosing folders in the path up to BUT NOT INCLUDING my Documents Folder which advises I have “Custom Access” but with no way in the Get Info dialog to change permissions - different than all other folders in my home directory, and the home directory itself, where I have Read/Write Access

    I continue to be able to add, delete, and open other files in Documents folder, and other nested folders, and, in fact the Excel document itself is nested within Documents - no problem editing and saving that.


    Is this a ‘new normal’ for the Documents folder to be “custom access”? - Cruising back in Time Machine shows it WAS Read/Write before the update. The same situation appears in my other ‘pristine’ Admin user account.

    If not, what’s the current recommended method to reset permissions? I see TechTool Pro 14 has such a tool… (Home Permissions)

    ‘course, I’m not ruling out Excel (and Office in general) as the culprit considering their sometimes problematic file access security warning system (anyone know how to disable that??) but I’ve not encountered this access denied situation EVER, until today and I use the ‘offending’ Excel document nearly every day

    Any other thoughts or suggestions are welcome

    I’m aiming to contact AppleCare Support about this but thought I’d run it by y’all here

    Reprise - Curiouser and curiouser - Just spent some more time using the ‘offending’ Excel document - some of the hyperlinks work AOK, including newly added one’s, some are still “Access Denied” (you don’t have permission…), even though all the linked documents individually show I have Read/Write Access. Still haven’t discerned a rhyme or reason - there’s presently 1551 hyperlinks added over the past seven years, and I’ve only checked a handful so far. All the existing hyperlinks went belly up after upgrading to Mac Office 2021 (f### you very much MS) and I’ve only been piecemealing at ‘regranting access’

  13. I don’t see it on my system. My Documents folder is listed as normal Read/Write access.

    The Documents folder on my Admin account has something unusual. The GUI shows no group at all. When combined with the no-access permission for “everyone”, it effectively blocks access from all other users. When viewed from my (non-admin) account, it looks like:

    Screen Shot 2022-05-25 at 13.12.07

    In order to see what your “custom access” might be, open a Terminal window and type the following command:

    $ ls -lde@ ~/Documents

    This will show you any extended attributes and ACLs that may be associated with it.

    On my system, running this on my own Documents folder (which has no special permissions, but a few extended attributes), I see:

    $ ls -lde@ ~/Documents
    drwxr-xr-x@ 59 (username)  staff  1888 Nov 12  2021 /Users/(sername)/Documents	  32	  72	  53 

    And if I look at my admin account’s Documents folder (with the unusual permissions), I can see the ACL that’s doing it:

    $ ls -lde@ ~admin/Documents/
    drwx------+ 4 admin  staff  128 Dec 30  2011 /Users/admin/Documents/
     0: group:everyone deny delete

    What do you see on your system? I’m not sure how to change these permissions, but if we can see them then perhaps an answer will reveal itself.

    I’m grasping at straws here, but if you got to System Preferences → Security & Privacy → Privacy, what do you see in the “Files and Folders” and “Full Disk Access” sections?

    If Excel is on the list of apps in either of these sections, then see if there are checkboxes you can use to grant it access. Maybe Excel itself doesn’t have permission to access the contents of your Documents folder. It may be able to open the spreadsheet itself because you explicitly selected it via a file-open dialog, but that may not apply to other files you didn’t explicitly request.

    Take a look and let us know what you find.

  14. A file-open dialog grants access permission to the file or directory the user picks. This is a basic tenet of a sandboxed app. Permissions do not extend beyond those granted. As David has suggested, it is most likely the app ( Excel in this case ) which needs permission since Jeff can access/open those files from the Finder.

    Slightly tangential: Some Apple framework calls squirrel away files in deeply-nested locations which other apps ( and probably the user too ) may not have access. For example, if you tell PMSessionSetDestination() to send a pdf file to, the file ends up in a path like: /private/var/folders/jx/5046b0_54tv7lns0wrwcddrc0000gn/T/com.YourBundleID.yourAppName/printing.2517/unnamed document.pdf’s attempt to open it fails:

    Since we can’t see Excel’s source code, it’s at least possible they’re doing something similar and running into a similar issue. This may not be the issue Jeff experiences but just more information to consider.
  15. Forgot to mention: that temp cache path should be accessible to admin users but that’s not great either since non-admins launch apps too. I’ll cease now.

  16. That location is actually a sytem-standard location for temporary files of all kinds.

    /private/var/folders is a location for various per-user folders. The next two terms (the jx/5046b0_54tv7lns0wrwcddrc0000gn in your example) correspond to a single user. Within that folder are a few special folders:

    • 0. This is the “Darwin User” directory (type getconf DARWIN_USER_DIR to see the directory for the current user). I’m not entirely sure of its purpose (vs. using your home directory), but it has a bunch of directories corresponding to various Apple services, like Safari and Spotlight. I suspect it exists primarily for the benefit of internal “users” that don’t have normal home directories.

      I’ve read a few articles claiming that it is not dangerous to wipe this directory (or anything in /var/folders), so I suspect that this directory is really meant for working data, or at least data that can be rebuilt from information stored elsewhere. I’ve seen articles saying that this is where the Finder keeps it thumbnail cache, and where Launchpad stores the icon layout. So you would notice if the data was deleted, but it wouldn’t break the system.

      NOTE: I do not recommend manually purging anything under /var/folders unless you have an explicit need to do so. Even if the system does rebuild the content over time, purging it will hurt system performance (caches and temporary files exist for a reason), and you really don’t know what system services are using these locations for.

    • C. This is the “Darwin User Cache” directory (type getconf DARWIN_USER_CACHE_DIR to see the directory for the current user). It contains cache files and (according to the man page, cited below), it is automatically purged during safe boot.

    • Cleanup At Startup. This is usually empty. The name implies that the system erases the contents at system startup. I think it’s meant for temporary files used by system upgrades, which should be trashed after the upgrade completes.

    • T. This is the “Darwin User Temp” directory (type getconf DARWIN_USER_TEMP_DIR to see the directory for the current user). It is meant for temporary files (similar to /tmp or /var/tmp, but is per-user instead of global). The system is supposed to automatically purge any files in here that have not been accessed in the past 3 days. The TMPDIR environment variable, by default, also points to this location, so lots of applications store their temporary files here.

    • X. Not sure about this one. All of the “X” directories are world-readable, and they are empty for every user, at least on my Mac.

    See also:

  17. Wow thanks for all y’alls feedback on this issue

    Still waiting for Life’s agenda for me to free up some time to contact AppleCare Support on the matter

    I ran “diskutil resetUserPermissions / id-u” and the offending documents are still offensive (access denied) and Documents Directory remains ‘Custom Access’

    Jeffs-iMac:~ jeff$ ls -ldeO@ ~/Documents

    drwx------@ 34 jeff staff 1088 Mar 6 07:40 /Users/jeff/Documents 72

    0: group: everyone deny delete

    Sys Prefs > Security & Privacy > Full Disk Access includes only one entry for Microsoft:

    Sys Prefs > Security & Privacy > Files and Folders has no entries for Microsoft

    It does occur to me when creating a hyperlink you explicitly select the document, then when you click the hyperlink, it opens the file (e.g., .jpg files in Preview). Then when you close the workbook, reopen it and click the link again, you’re required to “Grant Access” to the document… again. Once this happens, subsequent workbook sessions open the link without squawking. I’ve been railing MS about this mis-behavior for a number of years with no apparent success. The kick in the face was when I upgraded to Mac Office 2021 all the hyperlinks required re-granting access, and until the Big Sur 16.6.6 update, re-granting access worked ‘normally’

    Thus, apparently MS gets their ‘permission’ to open a document on a file-by-file basis rather than requesting access to the Documents directory carte blanc as many/most other apps do, with their ‘permissions’ displayed in “Files and Folders” @ Sys Prefs. I even cruised back in my screen shot collection to when I first installed Office 2021 and found no evidence Microsoft ever asked for Permission to access the Documents (or any other) directory.

    Here’s the path to the most commonly linked directory “_Author Pix”; the PEOPLE directory is where most of the other hyperlinks in the workbook are pointed. FWIW, the Excel document is a CryptoQuote (i.e., crypto-gram) solving tool and archive where I store the quotes, quote Author info (e.g., Blurb about who they are, a pix of the author, and a link to an authors folder in my PEOPLE directory if one exists)

    Screen Shot 2022-05-26 at 03.26.43

  18. I’ve 2 Mac’s that I have just installed the security update for Catalina on.

    Both caused File Sharing to become inoperable - the tick box simply wouldn’t tick on.
    (It was off before, but I’ve read of this issue online that if it was on, you couldn’t turn it off).

    Tried lots of different things (new user account, zapped PRAM, reset permission on the home folder etc) but in the end I reinstalled Catalina on one of the Mac’s (just overwriting system files).

    Upon reboot the problem was solved, however it immediately asked me to install the security update again, and when I did that, the problem returned.

    So I can confirm that this Security update breaks file sharing on 2 of my Mac’s and I’ve seen reports of this elsewhere online.

    There’s a thread I posted this on here: macos catalina file sharing tick box will… - Apple Community

    Hopefully Apple will notice and issue an update to the update (I believe something similar happened in High Sierra).

  19. Thanks for posting this issue. I have file sharing on and the update did not affect that but if you turn it off and try to turn it back on, it won’t work.

    In addition to the Terminal command mentioned in the link, if you’re using AFP like I am, you need this one as well to turn back on:

    sudo launchctl load -w /System/Library/LaunchDaemons/

    Here is another older link with same commands:

  20. I have an update on my permissions problem that I thought was caused by Big Sur 11.6.6. Today, I decided it was time to upgrade to Monterey. Not only is the permissions problem gone, but Safari feels faster and more stable.

Join the discussion in the TidBITS Discourse forum


Avatar for agen Avatar for jeff1 Avatar for bstevens33 Avatar for andrewlinden Avatar for Jeff_Swart Avatar for Shamino Avatar for jk2gs Avatar for Blaise Avatar for colddmac