The invitations often offer discounts on designer labels, but they are from spammers, not the brands they claim to represent.
Whether the recipient accepts or rejects the invitation, it notifies the spammer that the message has been received, so that more can follow.
Sometimes they take the form of photo-sharing alerts.
Rather like spam email, the invitations are sent at random to huge email lists, and they appear as calendar notifications.
The flaw has existed for a while but has only recently been exploited, particularly in the run up to Black Friday.
"It's a problem with the way the iCloud works," said Prof Alan Woodward, a cybersecurity expert at Surrey University.
"Because the calendar and photo sharing is mirrored to the cloud - even if you say you don't want to go it still keeps a copy in the cloud.
"You can turn the iCloud off, but that defeats the object of having it, or you can use a complicated work around.
"What they really need is an 'ignore' button."
Business lawyer and technology writer David Sparks wrote a guide to dealing with the influx of unwanted mail on his blog.
He suggested creating a special calendar specifically for the spam or moving the notifications to arrive in email form, which can then be deleted without the sender knowing.
"Most of the calendar spam I've seen has originated from China," he wrote.
"Somebody has a big list of email addresses and sends out calendar invites with spammy links embedded.
"My guess is this is only going to get worse, and I really hope Apple intervenes."
Apple has been contacted by the BBC.