The criticisms are correct on this. The software being exploited is java in the browser. In fact, anarticle on Networkworld references the CMU SEI CERT recommendation: "Unless it is absolutely necessary to run Java in web browsers, disable it, even after updating to 7u11."

So this zero-day security problem seems to be largely focused on java in the browser, not client side applications or server side applications.