From the linked article and the slide deck, I've determined that the only thing exploited was the simulator software, which was running on a machine that the group already had full access on. There's no avionics being used in this. They're 'simulating' a set up with commercial PCs and training software. They're using the two communications standards, ADS-B and ACARS to communicate to a 'box' that they already had control over and already hooked into.
There is no exploit here.
If you want more detail about why this would never land, I've wrote about it here: http://zapistan.net/blog/2013/4/11/fear-mongering-the-friend...