
I have been studying up on the concept of the Just-in-Time (JIT) ROP attack (https://cs.unc.edu/~fabian/papers/oakland2013.pdf), and came across this question, to which I have not been able to find a definite answer.

In the above paper, the authors state that their attack is not related to JIT compilers, and the term JIT is simply used to denote that the payload is generated during the runtime.

However, in their JIT-ROP architecture, they use LLVM (which has JIT compilation), and from reading this SoK regarding JIT attacks (https://www.usenix.org/conference/woot18/presentation/gawlik), the authors state

we surveyed the affected targets on the x86 and ARM architecture and established a connection to code-reuse attacks which abuse JIT compilers

which makes me believe that JIT compilers are indeed needed in order to successfully launch a JIT-ROP attack (personally I think JIT is needed, since you need to be able to recompile the victim's source code with the found API pointers + necessary gadgets during runtime with escalated privilege). Also, a lot of JIT-related attacks are launched in web browsers such as Chrome (V8), Firefox (IonMonkey) and Microsoft Edge (Chakra).

Could someone please clarify whether a JIT compiler is required to launch a JIT-ROP attack?

zzang3
  • Are you asking if the _attacker_ needs a JIT compiler, or if the target browser does? – forest Apr 09 '19 at 20:21
  • Sorry, I should've been clearer in that regard. I meant the attacker (regardless of the target). – zzang3 Apr 09 '19 at 20:24
  • What is your definition of _required_? You can write bytecode without a compiler. – forest Apr 09 '19 at 20:28
  • In this case, I believe my definition of required is whether the JIT compiler is required in order to compile the ROP payload. From my understanding of bytecode, it is a low-level code (intermediate representation?) which is useful in a different kind of JIT attack that does not leverage a ROP payload. In the case of a JIT-ROP attack, the adversaries are basically constructing a payload after dynamically finding the necessary gadgets during runtime. Therefore, I was wondering whether a JIT-ROP attack requires a JIT compiler, or whether any kind of compiler (such as gcc) is okay. – zzang3 Apr 09 '19 at 20:38

0 Answers