With the release of iOS 12, a new encoding scheme for tagged pointers was introduced, along with enhanced obfuscation techniques. From the Objective-C sources:
The tagged pointer obfuscator is intended to make it more difficult for an attacker to construct a particular object as a tagged pointer, in the presence of a buffer overflow or other write control over some memory. The obfuscator is XORed with the tagged pointers when setting or retrieving payload values. They are filled with randomness on first use.
With the release of iOS 12, a new encoding scheme for tagged pointers was introduced, along with enhanced obfuscation techniques. From the Objective-C sources: