According to the developers, on top of the security fixes, the update also contains hardening measures that provides additional security to WordPress installations and they have strongly urged all users to update their installations to version 3.5.2 immediately.

The security fixes in 3.5.2 include blocking of server-side request forgery (SSRF) attacks; updates to the TinyMCE editor, the external SWFUpload library and other components to protect against cross-site scripting (XSS) holes; update to WordPress’s password protection for posts that could lead to denial-of-service (DoS) attacks among others; and update that disallows contributors from improperly publishing posts or reassigning the post to a different author among others.

Users can either download the latest version or head on to their WordPress Dashboard and click on Updates. You can get more information about the fixes here.