I was curious to know if OpenJDK is also vulnerable to the Zero-Day Exploit that is currently afflicting Java 7 because of which experts are telling people to disable Java until a solution is found on all operating systems.
It was discovered that OpenJDK 7's security mechanism could be bypassed via
Java applets. If a user were tricked into opening a malicious website, a
remote attacker could exploit this to perform arbitrary code execution as
the user invoking the program.
Probably not for the specific exploit being used in the wild for Oracle's Java 7 plugin. These exploits are usually specifically crafted to run with a specific set of software.
However, OpenJDK can be vulnerable in a similar way, if it's because of a design/architecture error in the way Java works in a browser. I could not find any details on it (at the time of writing) to support that statement with facts, but previous vulnerabilities were specifically for Oracle's JRE/JDK while OpenJDK has its own.
Please note the difference between an exploit and a vulnerability in this context.
Also note that you are probably affected to some extent if you're running Oracle's JRE/JDK on Ubuntu. However, the exploits are probably targeted for Windows hosts, and Oracle's JRE/JDK is no longer distributed by Ubuntu, due to licensing issues (Oracle doesn't allow redistribution anymore).
