A colleague pointed out that FPAC[1] in ARMV8.6-A likely prevents this attack, is that right?
I haven't fully digested the paper, but the gadgets seem to rely on AUT, and "Implementations with FPAC generate an exception on an AUT* instruction where the PAC is incorrect"
https://jobs.netflix.com/jobs/294103648
"The overall market range for roles in this area of Netflix is typically $180,000 - $900,000."