With an amazing turn of speed for Apple, the critical SMS vulnerability ahs been patched and is now available for download (corresponding security note coverage):
The iPod firmware images are also available, but with a protected:: URL, whatever that means. I assume it's a HTTP behind the covers too ... (mind you, the iPod doesn't have the SMS vulnerability on account of not having SMS, so maybe no big deal there)