Profiles and Permissions:

Profile contains user permissions and access settings that control what users can do within their organization.

A collection of settings and permissions that define how a user accesses records
– Determines how users see data and what they can do within the application
– A profile can have many users, but a user can have only one profile

Profiles Components:
1) Which standard and custom apps users can view
2) Which tabs users can view
3) Which record types are available to users
4) Which page layouts users see
5) Object permissions that allow users to create, read, edit, and delete records
6) Which fields within objects users can view and edit
7) Permissions that allow users to manage the system and apps within it
8) Which Apex classes and Visualforce pages users can access
9) Which desktop clients users can access
10)The hours during which and IP addresses from which users can log in
11)Which service providers users can access (if Salesforce is enabled as an identity provider)

PermissionSet:
PermissionSet represents a set of permissions that’s used to grant additional access to one or more users without changing their profile or reassigning profiles. You can use permission sets to grant access, but not to deny access.
Every PermissionSet is associated with a user license. You can only assign permission sets to users who have the same user license that’s associated with the permission set. If you want to assign similar permissions to users with different licenses, create multiple permission sets with the same permissions, but with different licenses.
Permission sets include settings for:

    Assigned apps
    Object settings, which include:
        Tab settings
        Object permissions
        Field permissions
    App permissions
    Apex class access
    Visualforce page access
    System permissions
    Service providers (only if you’ve enabled Salesforce as an identity provider)