This update resolves 1 security cross-site scripting (XSS) vulnerability (defined) that if exploited by an attacker could have allowed them gain control of your WordPress website. This issue was responsibly disclosed (defined) to WordPress and they worked internally to resolve it.
Due to the severity of this issue, WordPress is advising it’s users to update immediately.
WordPress users can update their CMS manually (access your WordPress dashboard and choose Updates -> Update Now). Since version 3.7 of WordPress an automatic updater (thanks to Sophos for this useful piece of information) will install the above mentioned update in the background. Full details of this update and how to install it are available in this WordPress blog post. WordPress.com hosted blogs such as the one you are reading now automatically receive such security updates.