This is kind of a silly thing to file a bug about.
The library design decision we don't like is that the IV isn't required; i.e., an IV is not among the required arguments of some function in the argument.
There's no reasonable hot fix for this problem. It requires an API change to "fix".
Believe me, please believe me, there are much, much worse things that developers will get wrong with AES on the iPhone than not remembering to set a random IV.
Then add it in here for the benefit of others: http://openradar.appspot.com