There's been discussion about moving RestKit to AFNetworking 2.x, and about how that would be an enormous undertaking. Some people have argued that RestKit would be better off using the new NSURLSession stuff, and dropping AFNetworking altogether. There may be someone working on an AFNetworking 2.x branch, but I'm not sure about that.
That said, is it known that this vuln is found in AFNetworking 1.x? Is it possible that it's just part of the 2.x line? I've been poking around, but haven't found anything definitive yet.