macOS High Sierra root password fix

UPDATE: Apple released a security update to solve this issue. Please have a look at

A security vulnerability was discovered in macOS High Sierra on November 28th that allowed anyone to enable and log in to the root account without providing a password. To address this issue until Apple releases an update to fix it, Jamf School created a package that does a couple of things to block logins to the root account:

  1. Install an app called "High Sierra Root Password" in /Applications/Utilities
  2. Launch the app once. The app does two things:
    1. Set the root account's password to a random 32-character string
    2. Set the root account's login shell to /usr/bin/false
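
The two changes listed above can be sketched with the stock macOS dscl tool. This is an added example, not Jamf School's code: the use of dscl, the function names and the --apply switch are assumptions, and the script also verifies the resulting login shell.

```shell
#!/bin/sh
# Added example (not the Jamf School app): an assumed equivalent of the two
# changes the app makes, using the stock macOS dscl tool.

# Print a random 32-character alphanumeric string from the kernel CSPRNG.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
}

# Read the output of `dscl . -read /Users/root UserShell` on stdin and
# succeed only if the login shell is /usr/bin/false.
shell_is_locked() {
    awk '$1 == "UserShell:" { found = ($2 == "/usr/bin/false") }
         END { exit !found }'
}

# Apply both changes, then confirm the shell change took effect.
apply_fix() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    command -v dscl >/dev/null 2>&1 || { echo "dscl not found" >&2; return 1; }

    pw=$(gen_password)
    [ "${#pw}" -eq 32 ] || { echo "password generation failed" >&2; return 1; }

    # The password is random and never stored or printed, so nobody knows it.
    dscl . -passwd /Users/root "$pw" || return 1
    unset pw

    # A login shell of /usr/bin/false exits immediately on any login attempt.
    dscl . -create /Users/root UserShell /usr/bin/false || return 1

    dscl . -read /Users/root UserShell | shell_is_locked
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_fix && echo "root account locked down"
fi
```

The shell_is_locked check can also be run on its own after the package has been distributed, to confirm that a device received the fix.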

Using Jamf School you can easily distribute this package to your macOS devices by following the steps below:

Create a Smart Group:

  • Go to Devices -> Groups and click on "Add Group".
  • Fill in a name, choose "Smart Group" as the type, and click on the "Add" button.
  • Enter the following rule:
    "Operating System" - "equals" - "macOS" - "10.13"
  • Click on "Save Scope"

Distribute the package:

  • Download the "High Sierra Root Password Fix.pkg" file.
  • In Jamf School, navigate to Apps, click on "Add App" and then click on "Add In-House macOS Package".
  • Select the "High Sierra Root Password Fix.pkg" file from your computer.
  • Choose the Smart Group you've just created as the scope and click on "Save"
  • You're done! The package will be distributed to the macOS devices in scope and the fix described above will be applied. 