Eavesdrop, but not initiate a transaction. I definitely wouldn't want to be in the same room as an active ISO 14443 antenna capable of powering up even low-powered tags/cards from 10 meters. That would be a lot of power!
That said, Apple devices use an active amplifier even in card emulation mode (which is why Apple Pay works considerably more reliably at awkward angles than Google Pay does on most Android phones).
> The distance from which an attacker is able to eavesdrop the RF signal depends on multiple parameters, but is typically less than 10 meters.
https://en.wikipedia.org/wiki/Near-field_communication