Apple fixed 27 vulnerabilities in Safari for Mac OS X and Windows today.
All of the vulnerabilities exist in the open-source Webkit engine. In addition, nearly all of them can be exploited to execute code remotely on Macs or Windows PCs.
Several of them can be exploited through drive-by attacks on malicious sites, Apple noted in the advisory. For example, an integer overflow exists in Webkit's handling of Text objects, and could be exploited via a maliciously crafted Website to cause an application crash or permit code execution. The issue was fixed through improved bounds checking, Apple said.
More information about the update can be found here.