DOCSLIB.ORG

Automatic Detection of Flaws in Ios Sandbox Profiles

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Automatic Detection of Flaws in Ios Sandbox Profiles SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles Luke Deshotels Razvan˘ Deaconescu Mihai Chiroiu North Carolina State University POLITEHNICA of University POLITEHNICA of University Bucharest Bucharest [email protected] razvan.deaconescu@ mihai.chiroiu@ cs.pub.ro cs.pub.ro Lucas Davi William Enck Ahmad-Reza Sadeghi Technische Universität North Carolina State Technische Universität Darmstadt, Germany University Darmstadt, Germany [email protected] [email protected] [email protected] ABSTRACT application code to provide additional security. All of these Recent literature on iOS security has focused on the ma- works rely on interacting with the code of third-party iOS licious potential of third-party applications, demonstrating applications. how developers can bypass application vetting and code- We investigate something different: iOS sandbox profiles. level protections. In addition to these protections, iOS uses These sandbox profiles define access control policies for sys- a generic sandbox profile called \container" to confine ma- tem calls made by processes. There are 117 sandbox profiles licious or exploited third-party applications. In this paper, in the iOS 9.0.2 kernel, and many system daemons and ap- we present the first systematic analysis of the iOS container plications have dedicated profiles. However, all third-party sandbox profile. We propose the SandScout framework to applications, and some system applications, are confined us- extract, decompile, formally model, and analyze iOS sand- ing the shared \container" sandbox profile. The container box profiles as logic-based programs. We use our Prolog- sandbox profile is large and complex, leading to the research based queries to evaluate file-based security properties of the question: what flaws in the container sandbox profile can container sandbox profile for iOS 9.0.2 and discover seven third-party iOS applications exploit? classes of exploitable vulnerabilities. These attacks affect Goals and Contributions: In this paper, we present non-jailbroken devices running later versions of iOS. We are the SandScout framework to answer this research question. working with Apple to resolve these attacks, and we expect First, we create a tool, SandBlaster, which automatically that SandScout will play a significant role in the develop- extracts compiled profiles from a firmware image and de- ment of sandbox profiles for future versions of iOS. compiles them into their original SandBox Profile Language (SBPL). Second, we formally model sandbox profiles using Prolog by creating a compiler that automatically translates 1. INTRODUCTION SBPL policies into Prolog facts. Third, we develop Prolog The sale of smartphones has out-paced the sale of queries that test critical security properties of the container PCs [15]. The two dominant platforms for these smart sandbox policy. The queries identify potential security vul- phones are Android and iOS [16]. There has been a sig- nerabilities in the policy. Finally, we create an iOS applica- nificant amount of academic research on Android, in part, tion that provides assisted verification of potential vulnera- because of its open-source nature. In contrast, iOS is not bilities on iOS devices. open-source, and studies of iOS may require significant re- We use SandScout to evaluate the container sandbox pro- verse engineering effort. file for iOS 9.0.2. Sandbox profiles mediate all system calls Prior research on iOS security has focused on the follow- including file access and inter-process communication (IPC). ing three areas. First, works have demonstrated methods For this evaluation, we limit our security queries to file-based for creating iOS malware [48, 22, 33, 52, 40, 47]. Second, sandbox policy rules for two reasons. First, non-file-based others emphasize methods to detect malicious behavior ei- sandbox policy rules require additional semantics that are ther statically [29] or dynamically [28]. Third, new security not available in the policy. Second, we find significant se- mechanisms [22, 26, 50] have been proposed that hook into curity vulnerabilities within the file-based sandbox policy rules. We plan to expand our analysis to non-file-based pol- icy rules in future work. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed Our analysis of the file-based policy rules in the iOS for profit or commercial advantage and that copies bear this notice and the full cita- 9.0.2 container sandbox profile identified seven broad vul- tion on the first page. Copyrights for components of this work owned by others than nerabilities that are exploitable by third-party applications: ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re- publish, to post on servers or to redistribute to lists, requires prior specific permission (1) methods of bypassing iOS's privacy settings for Con- and/or a fee. Request permissions from [email protected]. tacts; (2) methods of learning a user's location search his- CCS’16, October 24-28, 2016, Vienna, Austria tory; (3) methods of inferring sensitive information by ac- c 2016 ACM. ISBN 978-1-4503-4139-4/16/10. $15.00 cessing metadata of system files; (4) methods of obtaining DOI: http://dx.doi.org/10.1145/2976749.2978336 the user's name and media library; (5) methods of consum- and executable at the same time. ASLR mitigates code- ing disk storage space that cannot be recovered by unin- reuse attacks by randomizing code and data segments in stalling the malicious app; (6) methods of preventing access memory. Interestingly, code signing complicates the ASLR to system resources such as the AddressBook; (7) methods design and limits its protection, because shuffling code re- for colluding applications to communicate without using iOS gions may invalidate signatures [2]. Prior work [48, 22, 42, sanctioned IPC. We have reported all of these vulnerabili- 34] has demonstrated several techniques for bypassing ap- ties to Apple and are working with them to ensure they are plication vetting and memory protections. fixed in future versions of iOS. iOS sandboxes all applications using a mandatory access This paper makes the following contributions: control policy to limit the abilities of exploited or malicious code. Sandbox policies are enforced by the Trusted BSD • We develop the first methods to automatically produce mandatory access control framework [18] using a kernel ex- human readable SBPL policies. Prior work was unable tension called Sandbox.kext. iOS uses different sandbox poli- to produce SBPL policies for human review or auto- cies (called profiles) for different applications. Many system mated analysis. Our tool extracts and decompiles all applications and daemons have their own profile. However, sandbox profiles in firmwares for iOS 7, 8, and 9. all third-party applications are controlled by a generic sand- box profile called container. The container sandbox profile • We formally model SBPL policies using Prolog. We is also used by several system applications. In order to sup- create an SBPL to Prolog compiler based on a context port the functionality of many different applications, it is free grammar we have defined for SBPL. the largest and most complex sandbox profile. • We perform the first systematic evaluation of the con- Sandbox profile rules define access to system calls (e.g., tainer sandbox profile for recent versions of iOS and file read and write). To be generic, the container sandbox discover vulnerabilities. We develop Prolog queries profile uses conditional rules that may require capabilities. representing security requirements. When applied to There are two primary types of capability considered by the the iOS 9.0.2 container sandbox profile, we discover sandbox: entitlements and sandbox extensions. Mentioned seven classes of security vulnerabilities. above, entitlements are static capabilities assigned by ap- plication's developer during development. Entitlements are The remainder of the paper proceeds as follows. Section 2 key-value pairs, which are stored in a dictionary structure provides background information. Section 3 provides an embedded in an application's code signature. Note that en- overview of SandScout. Section 4 discusses our design. Sec- titlement keys are not cryptographic keys, and they simply tion 5 presents our results. Section 6 provides discussion of map to values in the entitlement dictionary. Once the ap- our limitations. Section 7 presents related work. Section 8 plication has been signed, its entitlements cannot be mod- concludes. ified without invalidating the signature. In contrast, sand- box extensions are dynamic capabilities that can be granted 2. BACKGROUND or revoked at run time. System daemons such as the tccd daemon, which helps enforce iOS's user specified Privacy iOS is the operating system of the iPhone, iPod, iPad, Settings, can grant sandbox extensions. and older versions of AppleTV (newer AppleTV devices run Finally, while the vast majority of iOS's access control TVOS). iOS is based largely on Apple's desktop operating policy is enforced in using sandbox profiles, system, OS X, and the two share many internal similarities. Sandbox.kext there are various access control checks within system dae- 2.1 iOS Security Mechanisms mons. These system daemons maintain their own policies based on user preferences (e.g., for Privacy Settings) and iOS relies on four broad types of security mechanisms: ap- entitlements. In this paper, we limit our investigation to plication vetting, code signing, memory protection, and sand- the sandbox profiles and leave these other daemon specific boxing. When developers submit an application to the App access control policies to future work. Store [7] for vetting, they sign the application using their de- veloper key. While the specific details of the vetting process are only known to Apple, it is assumed that they use a com- 2.2 Sandbox Profile Language (SBPL) bination of static and dynamic analysis to detect malicious Sandbox profiles are written in the SandBox Profile Lan- behavior.
Load more

Recommended publications
  • Private Browsing
    Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor, Carnegie Mellon University https://www.usenix.org/conference/soups2018/presentation/habib-prying This paper is included in the Proceedings of the Fourteenth Symposium on Usable Privacy and Security. August 12–14, 2018 • Baltimore, MD, USA ISBN 978-1-939133-10-6 Open access to the Proceedings of the Fourteenth Symposium on Usable Privacy and Security is sponsored by USENIX. Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, Lorrie Faith Cranor Carnegie Mellon University {htq, jcolnago, vidyag, spearman, thomasjm, acquisti, nicolasc, lorrie}@andrew.cmu.edu ABSTRACT Prior user studies have examined different aspects of private Previous research has suggested that people use the private browsing, including contexts for using private browsing [4, browsing mode of their web browsers to conduct privacy- 10, 16, 28, 41], general misconceptions of how private brows- sensitive activities online, but have misconceptions about ing technically functions and the protections it offers [10,16], how it works and are likely to overestimate the protections and usability issues with private browsing interfaces [41,44]. it provides. To better understand how private browsing is A major limitation of much prior work is that it is based used and whether users are at risk, we analyzed browsing on self-reported survey data, which may not always be reli- data collected from over 450 participants of the Security able.
    [Show full text]
  • Privacy of Streaming Apps and Devices
    2021 PRIVACY OF STREAMING APPS AND DEVICES: WATCHING TV THAT WATCHES US Common Sense is the nation's leading nonprofit organization dedicated to improving the lives of kids and families by providing the trustworthy information, education, and independent voice they need to thrive in the 21st century. www.commonsense.org Common Sense is grateful for the generous support and underwriting that funded this report from the Michael and Susan Dell Foundation, the Bill and Melinda Gates Foundation, and the Chan Zuckerberg Initative. CREDITS Authors: Girard Kelly, Common Sense Media Jeff Graham, Common Sense Media Jill Bronfman, Common Sense Media Steve Garton, Common Sense Media Data analysis: Girard Kelly, Common Sense Media Jeff Graham, Common Sense Media Copy editor: Jennifer Robb Designer: Jeff Graham, Common Sense Media Suggested citation: Kelly, G., Graham, J., Bronfman, J., & Garton, S. (2021). Privacy of Streaming Apps and Devices: Watching TV that Watches Us. San Francisco, CA: Common Sense Media This work is licensed under a Creative Commons Attribution 4.0 International Public .License TABLE OF CONTENTS Privacy of streaming apps and devices 1 What are streaming services? ......................................... 1 Apps we rated ............................................... 1 How do streaming services make money? ............................... 2 How we rate privacy ........................................... 2 What we found .............................................. 6 Compare privacy ratings ........................................
    [Show full text]
  • User Manual Star Walk™ for Iphone/Ipod Touch/Ipad
    User Manual Star Walk™ for iPhone/iPod Touch/iPad December 2013, ver. 7.0.3 for Android devices January 2014, ver. 1.0.1 2 Star Walk™ manual Table of Contents iOS version 4 1 Introduction 4 2 Getting started 5 2.1 Sky Live window 5 2.2 Location set up 6 2.3 Using/Activating Star Spotter 8 2.4 Augmented Reality 9 2.5 Spectrum Bar 9 2.6. Stargazing Community 9 2.7 Display/Interface 11 3 Menu 11 3.1 Day and Night color schemes 12 3.2 Constellations display 12 3.3 Satellites 13 3.4 TelRad 13 3.5 Playing sounds 13 3.6 Playing music 13 3.7 Magnitude adjustment 13 4 Using functions of Star Walk™ 13 4.1 Changing date and time 13 4.2 Getting information about an object 14 4.3 Searching for sky objects 14 4.4 Watching astronomical events 15 4.5 Using Astronomy Pictures 16 4.6 Posting pictures in Star Walk™ 17 4.7 Sharing 18 4.8 Watching moon phases 19 5 Star Walk™ on a big screen using cables 19 6 Star Walk™ on a big screen using AirPlay 20 7 The Apple Volume Purchase Program 20 FAQ 22 Glossary 23 Android version 26 1 Introduction 26 2 Getting started 26 3 Star Walk™ manual 2.1 Sky Live window 27 2.2 Location set up 27 2.3 Using/Activating Star Spotter 28 2.4 Augmented Reality 29 2.5 Spectrum Bar 30 2.6. Sharing 30 2.7 Display/Interface 30 3 Menu 32 3.1 Day and Night color schemes 32 3.2 Constellations display 32 3.3 Satellites 32 3.4 Playing sounds 33 3.5 Playing music 33 3.6 Magnitude adjustment 33 4 Using functions of Star Walk™ 33 4.1 Changing date and time 33 4.2 Getting information about an object 33 4.4 Sharing 35 4.5 Watching moon phases 35 FAQ 36 Glossary 37 4 Star Walk™ manual iOS version 1 Introduction Star Walk™ is a stargazing application for amateurs, professionals, and kids who are eager to learn.
    [Show full text]
  • Best Iphone and Ipad Contracts
    Best Iphone And Ipad Contracts Cosmogonic Israel interrelate droningly. Weather-beaten Cain infer assentingly and tryingly, she maturated her settings snapped telescopically. Is Wyndham always episcopal and incoercible when outjut some Cynewulf very stichometrically and extemporaneously? Laptop Mag battery test. To best iphone and ipad contracts to. You think you with eddie kantar and networks, and your listings import has been copied to any use. For and contracts can you can check email, twilio and resellers will contract. Nfc is best, customers are more pinching and contracts quickly as. Except fit the unlimited minute tariffs when voicemail is free. To tomorrow a document, you need to draw a signature at the line. What other ways are there to locate one? Lte models in management software to your quarantine dweller are willing to fill out from one field to products as well as new battery and best iphone and ipad contracts can get. Carriers may offer cheap deals on these phones for want some time. Christine baker is best iphone and ipad contracts can decide if a problem submitting your customers can click the cart is there was your independent of security. Cell phone plans are complicated. You need to sign type to chin with same purchase. But it wins on speed and convenience every day inspect the week. Back market quality control center and contracts to protect is my phone and require consent to start your email you would mean a few areas of real world. This contract agreement template is best mobile app on it just say no more waiting for? You are solely responsible for removing all data, including confidential and personal data, given the device prior to shipping.
    [Show full text]
  • Campers Turn to Face Time Over Facetime
    AN INDEPENDENT NEWSPAPER SINCE 1879 THURSDAY, JUNE 15, 2017 $ NEWS 12 PAGES / VOLUME 135 / NUMBER 49 1STAND USPS 138-260 • MARION • KENTUCKY 24/7 BREAKING AND LOCAL NEWS THE-PRESS.COM Architect: CCMS renovation more costly By DARYL K. TABOR “...It would be more expen- ities planning committee, one would build a new high school forgo the burden on property STAFF WRITER sive to renovate than to build question has been whether to and renovate the vacated owners to erect a new school As the petition to recall a new,” said Craig Thomas, an renovate the 1948 structure to school for middle-schoolers. It over modernizing CCMS. school tax increase makes its architect with RBS Design address shortcomings or sim- would also tear down the por- “I’ve lived in this county way around the county col- Group in Owensboro, to Su- ply build a new school. That tion of CCMS built just after soon be 90 years,” said Beverly lecting signatures, the archi- perintendent of Schools Vince committee ultimately recom- World War II and renovate the Herrin to the board at the June Victory Gardens set tect selected by the school Clark in a June 6 letter. mended the board of educa- eighth-grade wing for a new 1 tax hearing. “I’m for you re- district to design a new facility Since discussion of a plan tion approve a property tax central office. pairing the school, but I’m weekday schedule said calls to simply renovate a to replace an aging Crittenden increase to fund new con- Few opponents to the so- sure against building a new The Victory Gardens 69-year-old middle school are tended by Crittenden County Middle School began struction.
    [Show full text]
  • Efail: Breaking S/MIME and Openpgp Email Encryption Using Exfiltration Channels
    Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak and Christian Dresen, Münster University of Applied Sciences; Jens Müller, Ruhr University Bochum; Fabian Ising and Sebastian Schinzel, Münster University of Applied Sciences; Simon Friedberger, NXP Semiconductors, Belgium; Juraj Somorovsky and Jörg Schwenk, Ruhr University Bochum https://www.usenix.org/conference/usenixsecurity18/presentation/poddebniak This paper is included in the Proceedings of the 27th USENIX Security Symposium. August 15–17, 2018 • Baltimore, MD, USA ISBN 978-1-939133-04-5 Open access to the Proceedings of the 27th USENIX Security Symposium is sponsored by USENIX. Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels Damian Poddebniak1, Christian Dresen1, Jens Muller¨ 2, Fabian Ising1, Sebastian Schinzel1, Simon Friedberger3, Juraj Somorovsky2, and Jorg¨ Schwenk2 1Munster¨ University of Applied Sciences 2Ruhr University Bochum 3NXP Semiconductors, Belgium Abstract is designed to protect user data in such scenarios. With end-to-end encryption, the email infrastructure becomes OpenPGP and S/MIME are the two prime standards merely a transportation service for opaque email data and for providing end-to-end security for emails. We de- no compromise – aside from the endpoints of sender or scribe novel attacks built upon a technique we call mal- receiver – should affect the security of an end-to-end en- leability gadgets to reveal the plaintext of encrypted crypted email. emails. We use CBC/CFB gadgets to inject malicious plaintext snippets into encrypted emails. These snippets S/MIME and OpenPGP. The two most prominent stan- abuse existing and standard conforming backchannels to dards offering end-to-end encryption for email, S/MIME exfiltrate the full plaintext after decryption.
    [Show full text]
  • Keep Your Mobile Device Safe for Ios User
    Cyber Security Information Portal (www.cybersecurity.hk) Keep Your Mobile Device Safe for iOS User KEEP YOUR MOBILE DEVICE SAFE FOR iOS USER • Restrict Installation of Applications from Unknown Sources 1 • Set Strong Password and Screen Lock 2 • Use Up-to-date Anti-malware Security Software 3 • Update Operating Systems, Mobile Applications and Browsers 4 • Encrypt Your Mobile Device 5 • Remove Insecure and Unnecessary Wi-Fi Connection Profile 6 • Disable GPS and Location Services 7 • Remove Mobile Applications That Abuse Sensitive Permissions 8 • Perform Device Backup 9 • Completely Remove Data Before Giving Away Or Selling Your 10 Devices Cyber Security Information Portal (www.cybersecurity.hk) Keep Your Mobile Device Safe for iOS User Index 1. Restrict installation of applications from unknown sources ........................ 3 2. Set strong password and screen lock ........................................................ 4 3. Use Up-to-date Anti-malware Security Software ........................................ 7 4. Update Operating Systems, Mobile Applications and Browsers ................ 8 5. Encrypt your mobile device ..................................................................... 10 6. Remove insecure and unnecessary Wi-Fi connection profile................... 11 7. Disable GPS and location services .......................................................... 13 8. Remove mobile applications that abuse sensitive permissions ................ 15 9. Perform device backup ...........................................................................
    [Show full text]
  • The Security Architecture of the Chromium Browser
    The Security Architecture of the Chromium Browser Adam Barth∗ Collin Jackson∗ UC Berkeley Stanford University Charles Reis∗ Google Chrome Team University of Washington Google Inc. ABSTRACT There have been a number of research proposals for mod- Most current web browsers employ a monolithic architec- ular browser architectures [8, 27, 5, 7] that contain multiple ture that combines \the user" and \the web" into a single protection domains. Like Chromium's architecture, these protection domain. An attacker who exploits an arbitrary proposals aim to provide security against an attacker who code execution vulnerability in such a browser can steal sen- can exploit an unpatched vulnerability. Unlike Chromium's sitive files or install malware. In this paper, we present the architecture, these proposals trade off compatibility with ex- security architecture of Chromium, the open-source browser isting web sites to provide architectural isolation between upon which Google Chrome is built. Chromium has two web sites or even individual pages. The browser's secu- modules in separate protection domains: a browser kernel, rity policy, known as the \same-origin policy," is complex which interacts with the operating system, and a rendering and can make such fine-grained isolation difficult to achieve engine, which runs with restricted privileges in a sandbox. without disrupting existing sites. Users, however, demand This architecture helps mitigate high-severity attacks with- compatibility because a web browser is only as useful as the out sacrificing compatibility with existing web sites. We sites that it can render. To be successful, a modular browser define a threat model for browser exploits and evaluate how architecture must support the entire web platform in addi- the architecture would have mitigated past vulnerabilities.
    [Show full text]
  • Updated FAQ on COVID-19 Policy Changes.” Additional COVID-19 Guidance from BDDS Can Be Found on the DDRS COVID-19 Webpage
    :\,' & so(', ,. , ~'is DivisionofDisabilityand T I" h I t d t (OVID 19 l ~ RehabilitativeServices 1emporary po icy C anges re a e O - \,,, "o ~ t~;::~.~(,~;;:;~f,;ental Frequently Asked Questions \t~-r\lJ- Contents _Toc64031905 Incident reporting guidance ................................................................................................................................ 2 Reporting in congregate residential settings....................................................................................................... 2 Suspension of new providers .............................................................................................................................. 8 Suspension of provider reverification ................................................................................................................. 9 Reopening efforts and individual restrictions..................................................................................................... 9 Day service guidance ........................................................................................................................................ 13 Guidance for visitors......................................................................................................................................... 15 Guidance for personal protective equipment .................................................................................................... 18 Contingency plans............................................................................................................................................
    [Show full text]
  • Flipsy Phone Selling Checklist
    PHONE BUYING CHECKLIST Assess phone condition (cosmetic & functional) o Run diagnostics . Android codes *#0*# and *#*#4636#*#* . iPhone battery performance: SETTINGS > BATTERY . 3rd party diagnostics apps • TestM (Android & iOS): https://testm.com/ • Phone Doctor Plus (Android & iOS): Search on app store • Phone Check and Test (Android): https://inpocketsoftware.com/phone-check-and-test/ o Assign condition Like New Good Fair Poor Broken • Working perfectly • Light use • Light use • Heavy use • Battery damage • Original packaging • No scratches • Some scratches • Cracked screen • Water damage • No signs of wear • Fully functional • Functional • Functional • Functional Verify phone model, carrier & capacity o Use settings menu (“About” section), OR o Locate IMEI, ESN, MEID or serial number on back or in SIM card tray & search SNDeepInfo (https://sndeep.info/en) Check if phone has been blacklisted o Lost, stolen or under contract? Search on CheckESNFree (http://www.checkesnfree.com/) o Is the seller the true owner? Meet at carrier store to verify phone ownership o Check seller’s photo ID & record name, address & phone number Check if phone has been jailbroken or rooted o Android: Use a root checker app o iPhone: See if Cydia, Icy or Installer apps are installed. Check for presence of default iPhone apps Make sure security features are disabled o Disable Find My iPhone Activation Lock, passwords, pin codes & biometric sensors, etc. Disable Find My Disable Screen Lock Disable Find My Disable Screen Lock iPhone Activation Lock (iPhone) Device (Android) (Android) SETTINGS > ICLOUD > SETTINGS > TOUCH ID SETTINGS > LOCK SETTINGS > SCREEN LOCK DEVICES > REMOVE & PASSCODE (or FACE SCREEN AND SECURITY TYPE > NONE FROM ACCOUNT ID & PASSCODE) > FIND MY DEVICE Remove SIM cards and microSD cards Check the resale value of the phone o Use Flipsy.com to see how much it’s worth Buy the phone & resell for a profit o See who is paying the most on Flipsy.com & get free shipping, instant sales and payments within 3 days flipsy.com .
    [Show full text]
  • Hub Newsletter Summer 2020.Indd
    Summer 2020 JUN • JUL • AUG The Hub on Smith, Keeping Community Connected So much has changed in our lives since our spring other senior centers across the country provide, are newsletter. Many of the activities scheduled for not offered merely to create a new hobby or pass March, April, and May were canceled and plans put one’s time. The critical role social connection plays on hold. in maintaining our emotional, psychological, and We were focusing then on the value we place on physical health is well researched and documented. our independence and how this sometimes gets Having a purpose, a social network, and place to in the way of asking for help or reaching out when gather are critical to our human existence. you need something, or someone. Although being How do we connect socially and social distance at able to take care of one’s self is a milestone we seek the same time? Our wonderful employees, volunteers, and hope to maintain, no one can thrive or survive and the community at large are coming up with without others. This is especially true now. unique adaptations to do just this! We are talking The COVID-19 pandemic provides us a unique with people on the phone, meeting on Zoom, and opportunity to understand the social isolation and even going on virtual field trips. This newsletter is full loneliness many older people feel every day. The of ways you can connect. social opportunities that the Hub on Smith and See full article on PG 3 A note from the inside Executive Director 3 Keeping Community Hello to everyone…we miss you very much! Connected Leadership expert and author, Brene’ Brown, talks about the importance of being clear in 3-5 COVID-19 How the Hub our communication.
    [Show full text]
  • 3D Apple Games by Tutorials (Up to Date for Ios 10, Xcode 8 and Swift 3) [Englishonlineclub.Com].Pdf
    3D iOS Games by Tutorials 3D Apple Games by Tutorials Chris Language Copyright ©2016 Razeware LLC. Notice of Rights All rights reserved. No part of this book or corresponding materials (such as text, images, or source code) may be reproduced or distributed by any means without prior written permission of the copyright owner. Notice of Liability This book and all corresponding materials (such as source code) are provided on an “as is” basis, without warranty of any kind, express of implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in action of contract, tort or otherwise, arising from, out of or in connection with the software or the use of other dealing in the software. Trademarks All trademarks and registered trademarks appearing in this book are the property of their own respective owners. raywenderlich.com 2 3D iOS Games by Tutorials Dedications "To my wife Corné and my daughter Marizé. Thank you for your patience, support, belief, and most of all, your love. Everything I do, I do for you." — Chris Language raywenderlich.com 3 3D iOS Games by Tutorials About the author Chris Language is a seasoned coder with 20+ years of experience. He has fond memories of his childhood and his Commodore 64; more recently he started adding more good memories of life with all his iOS devices. By day, he fights for survival in the corporate jungle of Johannesburg, South Africa.
    [Show full text]