Macrumors is quoting Spiegel.dewww. as saying that both a new security flaw has been found in iPhone OS 2.1, and that a patch will be included in iPhone OS 2.2 due to drop... tomorrow?!

[A] newly announced iPhone vulnerability that can force a (potentially expensive) phone call to be made simply by visiting a webpage in Safari... SIT reports that they notified Apple of the issue a month ago and that a fix will become available on November 21st through a firmware upgrade.

We've already run down the other new features rumored to be included in 2.2, so now we just sit by iTunes, hit the Update button, and wait (unless you've jailbroken, then remember to steer clear!)