In all of this there also needs to be clarification on what constitutes a hack.
I am subscribed to a lot of sources on hacking as part of my job, and it really is telling how many people show a failed logon attempt to a banking system as evidence of a "hack". No. What is happening there is that the system is protecting itself as designed.
I was once booked to speak on mainframe security at a conference and decided to research the other speakers. Two of them had speeches on the subject of mainframe vulnerabilities on YouTube. Their perception was laughable. On reflection, I decided not to speak. To do so would have involved rebutting their naive assumptions and thereby drive them into efforts which were potentially more fruitful than the culs de sac they were describing.
Hacking an aircraft would probably suggest one the following aims:
Claiming complete control of the aircraft systems;
Inputting false data to those systems;
Completely disabling those systems.
A more benign aim would be merely to eavesdrop on what was happening on the systems.
I would imagine that the software engineers have incorporated penetration testing in the development cycle and continue to do so as they enhance their systems.
In the meantime, those systems have a very effective backstop in that the systems are very real-time and any anomalies should be noticed and over-ridden by the people at the front end of the machine.
Regarding the guy mentioned in this thread, if he had any ethics as a hacker he has a very simple avenue open to him if he found a vulnerability and if he warned the airlines and if his warnings were ignored.
His option is to demonstrate it to officials from any flight regulatory authority that will listen to him. It doesn't need to be his own domestic authority. Record the outcome and use registered post to keep the whole thing a matter of record. Give them 6 months to have the issue addressed, with a subsequent paid PenTest to verify that the opening is now closed with immediate revelation to the Press if the systems are still proven to be vulnerable.
In the meantime utter confidentiality is maintained out of a healthy respect for self-survival. Hell, if I found that I could hack aircraft systems the last thing I'd do is go public. I wouldn't fancy being forced to spill the details while looking down the barrel of a terrorist's Uzi, or, worse, being forced to prove my technique on a real flight while my family cower and whimper under the cover of same Uzi.
tl;dr version: I'd guess that the systems have possible weaknesses but I'm sure that stringent penetration testing is ongoing. Aircrafts have pilots who should be able to override any system anomalies. Any hacker who would advertise a claimed hack of these systems is an idiot who is putting his life and that of others at risk.